PROOF OF EXPLOIT FOUND FOR VULNERABILITY IN THE ORACLE WEB APPLICATIONS DESKTOP INTEGRATOR PRODUCT OF ORACLE E-BUSINESS SUITE
CVSS Base Score: 9.8
An exploit was found for CVE-2022-21587, a vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite. The vulnerability can culminate in takeover of the Oracle Web Applications Desktop Integrator.
CVE-2022-21587 is a critical arbitrary file upload vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite that affects supported versions 12.2.3-12.2.11. Exploitation of the vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
A public proof-of-concept is available for this vulnerability.
Because the vulnerability is exploited in the wild, it is very important that organisations patch their applications immediately and check their servers for compromise!
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. Organisations should investigate if they suspect an intrusion attempt.
To address the flaw, Oracle released a critical patch update available at https://www.oracle.com/security-alerts/cpuoct2022.html.
If your organisation has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident