Enhancement: cves/2022/CVE-2022-21587.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-21 16:50:53 -04:00
parent b2082aab53
commit db2144b4bf
1 changed files with 5 additions and 2 deletions

@ -1,11 +1,11 @@
id: CVE-2022-21587
info:
name: Oracle EBS Unauthenticated - Remote Code Execution
name: Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution
author: rootxharsh,iamnoooob,pdresearch
severity: critical
description: |
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator.
Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
reference:
- https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/
- https://www.oracle.com/security-alerts/cpuoct2022.html
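Review bot: The new `name` drops "Unauthenticated", the qualifier that matters most for triage here (the template is tagged `unauth` and scored PR:N), and the version range is spaced unevenly ("12.2.3 -12.2.11"). Suggest `name: Oracle E-Business Suite 12.2.3-12.2.11 - Unauthenticated Remote Code Execution`. In the rewritten `description`, "execute malware ... and/or gain full control over a compromised system" is broader and vaguer than the text it replaces, which scoped the impact to takeover of Oracle Web Applications Desktop Integrator; keep that stated impact and say "unauthenticated" directly instead of "without entering necessary credentials".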
@ -13,6 +13,7 @@ info:
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-94
cve-id: CVE-2022-21587
tags: cve,cve2022,rce,oast,intrusive,oracle,ebs,unauth,kev
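Review bot: `cwe-id: CWE-94` (code injection) is added with no source, and it describes the outcome more than the weakness: the description places the flaw in the Upload component and stresses that no authentication is needed. Confirm the value against the CWE listed in the NVD entry for CVE-2022-21587 before merging, and name that source in the commit message so the classification can be audited later.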
@ -74,3 +75,5 @@ requests:
part: body_2
words:
- Nuclei-CVE-2022-21587
# Enhanced by md on 2023/03/21
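Review bot: The trailing comment `# Enhanced by md on 2023/03/21` repeats what the commit author and date already record, and it will go stale the next time the template is edited. Drop it and rely on the history, or move the attribution into a field under `info:` if the project wants it to be machine-readable. The hunk header grows this region from 3 to 5 lines, so also check that the second added line is a single blank separator and not stray trailing whitespace.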