Oracle recommends upgrading to the latest version, 12.2.1.5.0. At the time of advisory publication, the vendor had not released software version 12.2.1.5.0. Version 12.2.1.3.0 was released on February 8, 2018. Standard Recommendations for Patch Management: Oracle recommends that customers apply the latest Critical Patch Update via Web release.

Apply appropriate preventative measures to harden enterprise systems against known security vulnerabilities.

Vendor Assessment: Oracle has confirmed that this vulnerability is being exploited in the wild through malicious websites. There is no known exploit.

Risk: Critical – CVSS 3.0 Base Score: 9.3

Exploitation risk: High – CVSS 2.9
Access Vector: Network
Access Required: No
Remotely Exploitable: Yes
Confidentiality Impact: Very Low
Integrity Impact: Low
Availability Impact: High

Application Penetration risk: High – CVSS 2.9
Exploitability (ease of exploit): High – CVSS 2.9
Access Vector: Network
Access Required: Yes
Remotely Exploitable: Yes
Confidentiality Impact: Low
Integrity Impact: Very Low
Availability Impact: High

CVSS V2 Score: 9.3

See Oracle Critical Patch Update - February 2018 for details.

On February 8, 2018, Oracle released Critical Patch Update for February 2018 for Oracle Fusion Middleware products. This Critical Patch Update fixes one vulnerability in Oracle Enterprise Data Quality. The vulnerability is identified as CVE

Summary

: CVE-2022-21615
Vendor Assessment: Oracle has confirmed that this vulnerability is being exploited in the wild through malicious websites and there is no known exploit available at this time.

Oracle Enterprise Data Quality (EDQ)

The vulnerability allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. The vulnerability is documented in Oracle Enterprise Data Quality (EDQ) - CVE-2022-21615.
According to Oracle, "The vulnerability allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."

Oracle Enterprise Data Quality

Critical Patch Update
CVE-2022-21615.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References