CVE-2022-31160
Multiple vulnerabilities exist in Oracle Financial Services Applications. By exploiting these vulnerabilities, a remote, anonymous or authenticated attacker can compromise confidentiality, integrity and availability. Exploiting some of these vulnerabilities requires no user interaction. Oracle publishes no further details on these vulnerabilities (apart from the information in the risk matrix in the Oracle advisory for the Critical Patch Update; see the link below in this advisory). Because so little information is available, the damage level is assessed solely on the basis of the CVSS impact matrix. The maximum value for these products is "HIGH" for "Confidentiality", "Integrity" and "Availability", aggregated across all vulnerabilities, which results in a rating of "HIGH" for the damage level.
EPSS 7.76% · 92.1th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Communications Applications | 3.0.3.3 |
| Oracle | Oracle MySQL | <=8.0.33 |
| Oracle | Oracle Financial Services Applications | 2.12.0.0.0 |
| Oracle | Oracle Financial Services Applications | 3.0.0 |
| Oracle | Oracle Communications Applications | 7.4.1.5.0 |
| Oracle | Oracle Communications Applications | 3.0.3.2 |
| Oracle | Oracle Communications Applications | <= 12.0.0.8.0 |
| Oracle | Oracle Communications Applications | 7.5.0 |
| Oracle | Oracle Retail Applications | 22.0.1 |
| Oracle | Oracle Financial Services Applications | 14.6.0.0.0 |
| Oracle | Oracle Financial Services Applications | 21.1.0.0.0 |
| Oracle | Oracle Financial Services Applications | 8.0.7 |
| F5 | F5 BIG-IP | |
| Oracle | Oracle Communications Applications | 7.4 |
| Oracle | Oracle Financial Services Applications | 3.1.0.0.0 |
| Oracle | Oracle Financial Services Applications | <= 14.7.0 |
| Oracle | Oracle Fusion Middleware | 12.2.1.4.0 |
| Oracle | Oracle Financial Services Applications | 4.0.0.0.0 |
| Oracle | Oracle Financial Services Applications | 6.0.0 |
| Oracle | Oracle Construction and Engineering | <= 20.12.12 |
…and 107 more
Exploit Intelligence
- jquery XSS Proof of Concept (PoC) (github-poc-repo)
- jquery XSS Proof of Concept (PoC) (github-poc-repo)
- jquery XSS Proof of Concept (PoC) (github-poc-repo)
- jquery XSS Proof of Concept (PoC) (github-poc-repo)
- jquery XSS Proof of Concept (PoC) (github-poc-repo)
- jquery XSS Proof of Concept (PoC) (github-poc-repo)
- jquery XSS Proof of Concept (PoC) (github-poc-repo)
- jquery XSS Proof of Concept (PoC) (github-poc-repo)
- jquery XSS Proof of Concept (PoC) (github-poc)
- jquery XSS Proof of Concept (PoC) (github-poc)
…and 35 more exploits
Timeline
- Jul 18, 2022 CVE Published
- Jul 21, 2022 EPSS Score
- Dec 28, 2022 EPSS Score
- Feb 23, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0708.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0708 advisory
- https://github.com/advisories/GHSA-h6gj-6jjq-h8g9 advisory
- https://www.drupal.org/sa-contrib-2022-052 advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html advisory
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102049 advisory
- https://www.ibm.com/support/pages/node/6955057 advisory
- https://www.ibm.com/support/pages/node/6966428 advisory
- https://ubuntu.com/security/notices/USN-6419-1 advisory
- https://www.ibm.com/support/pages/node/7116119 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1016.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1016 advisory
- https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixFMW advisory
- https://www.dell.com/support/kbdoc/000220669/dsa-2023-= advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1033.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1033 advisory
- https://access.redhat.com/errata/RHSA-2024:1141 advisory
- https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixMSQL advisory
- https://my.f5.com/manage/s/article/K000134469 advisory
- https://ubuntu.com/security/notices/USN-6060-2 advisory
…and 51 more