CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2022-21445

CVSS 9.8v3.1pub. 2022-04-19upd. 2025-10-27

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Application Development Framework

    APP
    Oracle
    12.2.1.3.012.2.1.4.0

CISA KEV — detailsi

Vendori
Oracle
Producti
ADF Faces
Added to KEVi
September 18, 2024
Remediation deadline (US Federal)i
October 9, 2024(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 9 października 2024
Tags
Auth BypassDoSDeserialization
CWE
References

Related vulnerabilities

CVE-2026-46769HIGH7.2ten sam produkt

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (compo...

CVE-2026-35243HIGH7.8ten sam produkt

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (compo...

CVE-2026-46770MEDIUM6.1ten sam produkt

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (compo...

CVE-2026-46771MEDIUM4.1ten sam produkt

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (compo...

CVE-2026-46772MEDIUM4.7ten sam produkt

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (compo...