VDB

CISA-2022-21445

CISA-2022-21445 PUBLISHED CVSS 9.8 CRITICAL

Reported by oracle · Published April 19, 2022

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Oracle CorporationApplication Development Framework (ADF)12.2.1.3.0, 12.2.1.4.0
Oracle CorporationApplication Development Framework (ADF)12.2.1.4.0, 12.2.1.3.0, 12.2.1.4.0
oraclejdeveloper12.2.1.3.0, 12.2.1.4.0, 12.2.1.4.0

Timeline

  • Apr 19, 2022 CVE Published
  • Oct 21, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›