2022-05-20 12:20:05 +00:00
id : CVE-2022-21500
info :
2022-06-29 17:51:04 +00:00
name : Oracle E-Business Suite <=12.2 - Authentication Bypass
2023-10-12 13:10:11 +00:00
author : 3th1c_yuk1,tess,0xpugazh
2022-05-20 12:20:05 +00:00
severity : high
description : |
2022-06-29 19:25:07 +00:00
Oracle E-Business Suite (component : Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the Oracle E-Business Suite application.
2023-09-06 11:59:08 +00:00
remediation : |
Apply the necessary security patches or updates provided by Oracle to mitigate this vulnerability.
2022-05-20 12:20:05 +00:00
reference :
- https://orwaatyat.medium.com/my-new-discovery-in-oracle-e-business-login-panel-that-allowed-to-access-for-all-employees-ed0ec4cad7ac
- https://twitter.com/GodfatherOrwa/status/1514720677173026816
2022-05-20 12:37:37 +00:00
- https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
2022-06-29 19:25:07 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-21500
2023-07-11 19:49:27 +00:00
- https://www.oracle.com/security-alerts/cpujul2022.html
2022-05-20 12:37:37 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
cve-id : CVE-2022-21500
2024-06-07 10:04:29 +00:00
epss-score : 0.93111
epss-percentile : 0.99046
2023-09-06 11:59:08 +00:00
cpe : cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*
2022-05-20 12:20:05 +00:00
metadata :
2023-06-04 08:13:42 +00:00
verified : true
2023-10-14 11:27:55 +00:00
max-request : 4
2023-07-11 19:49:27 +00:00
vendor : oracle
product : e-business_suite
2024-06-07 10:04:29 +00:00
shodan-query :
- http.title:"Login" "X-ORACLE-DMS-ECID" 200
- http.title:"login" "x-oracle-dms-ecid" 200
2024-05-31 19:23:20 +00:00
fofa-query : title="login" "x-oracle-dms-ecid" 200
google-query : intitle:"login" "x-oracle-dms-ecid" 200
2022-07-02 11:48:08 +00:00
tags : cve,cve2022,oracle,misconfig,auth-bypass
2022-05-20 12:20:05 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-05-20 12:20:05 +00:00
- method : GET
path :
- '{{BaseURL}}/OA_HTML/ibeCAcpSSOReg.jsp'
2023-10-13 09:38:25 +00:00
- '{{BaseURL}}/OA_HTML/ibeCRgpPrimaryCreate.jsp'
2023-10-12 13:10:11 +00:00
- '{{BaseURL}}/OA_HTML/ibeCRgpIndividualUser.jsp'
- '{{BaseURL}}/OA_HTML/ibeCRgpPartnerPriCreate.jsp'
2022-05-20 12:20:05 +00:00
2023-10-12 13:11:52 +00:00
stop-at-first-match : true
2022-05-20 12:20:05 +00:00
matchers-condition : and
matchers :
- type : word
words :
- 'Registration'
- 'Register as individual'
- '<!-- ibeCZzpRuntimeIncl.jsp end -->'
condition : and
- type : status
status :
- 200
2024-06-08 16:02:17 +00:00
# digest: 4b0a00483046022100d7cda74095052fa09b4f108ba7d418de55d27c5653c3ceef430c5d6ff79785990221009a57be6104a07cb7968f77439b7a08461b4d248631989893d07027a75c83fc8b:922c64590222798bb761d5b6d8e72950