CVE-2022-21544
moderate-risk
Published 2022-07-19
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1-12.4, 14.0-14.3 and 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).
Do I need to act?
~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10
High
NETWORK
/ HIGH complexity
Affected Products (2)
Affected Vendors
References (2)
Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
32
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
4/34 · Minimal
Exposure
7/34 · Low