CVE-2022-21500 : Oracle Security Alert Advisory

Description

This Security Alert addresses vulnerability CVE-2022-21500, which affects some deployments of Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in the exposure of personally identifiable information (PII).

Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

Oracle SaaS cloud environments are not affected by this vulnerability. This vulnerability could affect the E-Business Suite deployments of Oracle Managed Cloud Services customers. Oracle Managed Cloud Services customers should consult their account team for assistance.

For more information

https://www.oracle.com/security-alerts/alert-cve-2022-21500.html

Common Vulnerabilities and Exposures

CVE-2022-2641 : HORNER AUTOMATION RCC 972 15.40 HARD-CODED KEY

Description Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow

CVE-2022-3270 : FESTO VTEM-S1 INSUFFICIENT TECHNICAL DOCUMENTATION

Description In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead

CVE-2022-4221 : ASUS NAS-M25 UP TO 1.0.1.7 COOKIE OS COMMAND INJECTION

Description Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Asus NAS-M25 allows an