COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-21445

CVE-2022-21445

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-09-18
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-21445
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.

Players implicated

Oracle · vendorADF Faces · product

Description

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.

Affected FedRAMP products 10 in the catalog

ProductProviderStatusMatch
Aconex for Defense Oracle Authorized vendor-exact · 0.90
Federal Managed Cloud Services Oracle Authorized vendor-exact · 0.90
Fusion Cloud Oracle Authorized vendor-exact · 0.90
Government Cloud - Common Controls Oracle Authorized vendor-exact · 0.90
Oracle Cloud Infrastructure-Government Cloud Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) - Moderate Oracle In Process vendor-exact · 0.90
Oracle Service Cloud Oracle Authorized vendor-exact · 0.90
Oracle Service Cloud (DOD) Oracle Authorized vendor-exact · 0.90
Taleo Cloud - U.S. Government Cloud Oracle Authorized vendor-exact · 0.90