VDB

CVE-2022-21568

CVE-2022-21568 PUBLISHED CVSS 6.5 MEDIUM

Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite (component: Access Request). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iReceivables accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

EPSS 0.57% · 68.9th percentile

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.57%
68.9th percentile

Affected Products

VendorProductVersions
oracleireceivables12.2.3
Oracle CorporationiReceivables12.2.3-12.2.11

Timeline

  • Jul 19, 2022 CVE Published
  • Jul 20, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Oct 22, 2022 EPSS Score
  • Dec 7, 2022 EPSS Score
  • Jan 23, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Apr 27, 2023 EPSS Score
  • Jun 13, 2023 EPSS Score
  • Jul 30, 2023 EPSS Score
  • Sep 14, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›