CVE-2022-21622

HIGH

Oracle SOA Suite 12.2.1.3.0 and 12.2.1.4.0 - Unauthenticated Data Manipulation via Adapters

Title source: llm

Description

Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://www.oracle.com/security-alerts/cpuoct2022.html

Scores

CVSS v3 7.5

EPSS 0.0128

EPSS Percentile 79.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

Status published

Products (2)

oracle/soa_suite 12.2.1.3.0

oracle/soa_suite 12.2.1.4.0

Published Oct 18, 2022

Tracked Since Feb 18, 2026