PT-2022-2795 · Oracle · Oracle Application Development Framework+3
Jangggg +1 · Published 2022-04-19 · Updated 2025-03-24
CVE-2022-21445
| CVSS v2.0 | 10 (Critical) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Oracle JDeveloper versions 12.2.1.3.0 through 12.2.1.4.0
Description
The vulnerability stems from errors in the code of the ADF Faces component of Oracle JDeveloper. A remote attacker can exploit it using HTTP requests, potentially affecting the confidentiality, integrity, and availability of protected information. Exploitation can result in the takeover of Oracle Application Development Framework (ADF). Note that Oracle Application Development Framework (ADF) is downloaded via the Oracle JDeveloper product.
Recommendations
For versions 12.2.1.3.0 and 12.2.1.4.0, refer to the Fusion Middleware Patch Advisor for details on obtaining a patch that resolves the issue. As a temporary workaround, consider restricting access to the ADF Faces component until a patch is available. Additionally, keep systems updated to prevent exploitation of this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability, so it is crucial to follow the guidance from the Fusion Middleware Patch Advisor.
Fix
Deserialization of Untrusted Data
Related Identifiers
Affected Products
ADF Faces
Fusion Middleware
Oracle Application Development Framework
Oracle JDeveloper