Oracle vulnerabilities April 2022
This live blog contains information about several vulnerabilities in Oracle software. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on April 21, 2022.

T-Update
Update April 21, 2022
13:00 | Oracle has published information on 520 new vulnerabilities in their various products. 70 of these vulnerabilities have been awarded a CVSS score of 9.8. Additionally, three of these vulnerabilities have been rated with a score of 10.0. Updates have been published to resolve these issues. Oracle has published a detailed summary of the vulnerabilities on their website.
Background
Vulnerabilities with a CVSS score of 10.0: An attacker with network access can abuse an easily exploitable vulnerability to take over Oracle Communications Billing and Revenue Management systems (CVE-2022-21431). Via a code injection attack, malicious actors can achieve remote code execution on Spring Cloud Gateway systems (CVE-2022-22947). This vulnerability can be exploited in two components of Spring Cloud Gateway: the ‘Network Exposure Function’ and the ‘Network Slice Selection Function’. In addition to these 10.0 rated vulnerabilities, a further 70 vulnerabilities with a CVSS score of 9.8 have been published. These vulnerabilities have a high risk of exploitation.
Risk
The vulnerabilities affect many different products and versions. See the security advisory from Oracle for more information.
Advice
Sources