Session Management Vulnerability in Oracle E-Business Suite
CVE-2022-21636

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Applications Framework
Vendor: CVE Published:; 18 October 2022

What is CVE-2022-21636?

A vulnerability exists in the Oracle Applications Framework component of Oracle E-Business Suite, specifically within its session management feature. This security flaw can be easily exploited by attackers with low privileges who possess network access via HTTP. Successful exploitation of this vulnerability may grant unauthorized access to critical data or allow complete control over all data accessible through the Oracle Applications Framework. This can pose a significant risk to organizations utilizing affected versions of the software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Applications Framework 12.2.6-12.2.11

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021

JSON

Oracle