CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 23, 2023

CVE-2022-21587

High

EPSS 94.4%CISA KEVRansomware

Oracle/E-Business Suite

Description

Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.

EPSS — Exploit Probability

94.4%

Higher than 100.0% of all CVEs

Required Action

https://www.oracle.com/security-alerts/cpuoct2022.html; https://nvd.nist.gov/vuln/detail/CVE-2022-21587

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 94.4%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Feb 2, 2023

Added to KEV

Feb 2, 2023

Remediation Due

Feb 23, 2023

Affected Product

Oracle

E-Business Suite

View all Oracle CVEs

External Links

NVD (NIST)CVE Details MITRE CVE