
PROOF OF EXPLOIT FOUND FOR VULNERABILITY IN THE ORACLE WEB APPLICATIONS DESKTOP INTEGRATOR PRODUCT OF ORACLE E-BUSINESS SUITE

Reference: Advisory #2023-23
Version: 1.0
Affected software: Oracle E-Business Suite versions 12.2.3-12.2.11
Type: Critical arbitrary file upload
CVE/CVSS: CVE-2022-21587
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Base Score: 9.8

Sources

https://www.oracle.com/security-alerts/cpuoct2022.html
https://cxsecurity.com/ascii/WLB-2023030001
https://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html

Risks

An exploit was found for CVE-2022-21587, a vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite. The vulnerability can culminate in takeover of the Oracle Web Applications Desktop Integrator.

Description

CVE-2022-21587 is a critical arbitrary file upload vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite, affecting the supported versions 12.2.3-12.2.11. Exploitation of the vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
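To help administrators quickly identify which Oracle E-Business Suite instances fall inside the affected version range stated above, here is an added triage helper (example code written for this advisory, not Oracle's or the CCB's). It assumes a hypothetical host inventory keyed by host name with dotted version strings; note that the version number alone does not tell you whether the October 2022 critical patch update has been applied, so a match means "verify the patch level", not "confirmed vulnerable".

```python
import re

# Affected range as stated in the advisory:
# Oracle E-Business Suite 12.2.3 through 12.2.11 (inclusive).
AFFECTED_MIN = (12, 2, 3)
AFFECTED_MAX = (12, 2, 11)


def parse_version(version: str) -> tuple:
    """Turn a dotted version string such as '12.2.10' into an integer tuple.

    Integer comparison matters: compared as strings, '12.2.10' sorts before
    '12.2.9' and would be misclassified.
    """
    cleaned = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", cleaned):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in cleaned.split("."))


def is_affected(version: str) -> bool:
    """True if the version falls inside the advisory's affected range."""
    # Pad short versions ('12.2') with zeros and ignore any 4th+ component
    # ('12.2.3.1' is still release 12.2.3 for the purposes of this check).
    v = (parse_version(version) + (0, 0, 0))[:3]
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def triage(inventory: dict) -> dict:
    """Map host -> 'affected' / 'not affected' / 'unknown' for an inventory."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"  # unparsable entry: needs manual review
    return result


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "ebs-prod-01": "12.2.10",
    "ebs-prod-02": "12.2.11",
    "ebs-dev-01": "12.2.12",
    "ebs-legacy": "12.1.3",
    "ebs-unknown": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```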

A public Proof-of-Concept is available for this vulnerability:
https://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html

Because the vulnerability is being exploited in the wild, it is very important that organisations patch their applications immediately and check their servers for signs of compromise.

Recommended actions

The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. Organisations should investigate if they suspect an intrusion attempt.

To address the flaw, Oracle released a critical patch update available at https://www.oracle.com/security-alerts/cpuoct2022.html.

If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident

References

https://nvd.nist.gov/vuln/detail/CVE-2022-21587