[CVE-2022-21445] Oracle ADF Faces Deserialization of Untrusted Data Vulnerability

SecurityDesk
2024.09.18 00:00 조회 10

CISA KEV 정보

취약점명Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
설명Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
조치사항Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
랜섬웨어 캠페인 악용Unknown
CWECWE-502
등록일 (KEV)2024-09-18
조치 기한2024-10-09
추가 참고https://www.oracle.com/security-alerts/cpuapr2022.html ; https://nvd.nist.gov/vuln/detail/CVE-2022-21445

NVD 상세 정보

CVSS v3.1: 9.8 CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

설명: Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CWE: CWE-502 | CWE-502

참조

This product uses the NVD API but is not endorsed or certified by the NVD.



바로 가기

← 목록으로 돌아가기

IT 도구 서랍

→ Unix: 2025-01-15T09:30:00
→ 날짜: 1736934600

→ ASCII: ABC
→ 문자: 65 66 67

ASCII 코드표 — 클릭하면 입력란에 추가

제어 문자 (0–31)

DecHex약어설명

출력 가능 문자 (32–126)

DecHex문자

확장 ASCII (128–255)

DecHex문자

→ 유니코드: 홍길동
→ 문자: \ud64d\uae38\ub3d9