CVE-2022-21251

Опубликовано: 19 янв. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Instance Main). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Installed Base. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Ссылки

https://www.oracle.com/security-alerts/cpujan2022.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:installed_base:*:*:*:*:*:*:*:*

Версия от 12.2.3 (включая) до 12.2.11 (включая)

EPSS

Процентиль: 81%

0.01623

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-m3q7-jvp5-mr96

github

около 4 лет назад

BDU:2022-01999