PT-2022-4695 · Oracle · Oracle Webcenter Sites Support Tools

Hugo Santiago Dos Santos · Published 2022-07-19 · Updated 2022-07-26 · CVE-2022-21575

CVSS v2.0: 7.3 High

Vector: AV:N/AC:L/Au:M/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle WebCenter Sites Support Tools versions prior to 4.4.2

Description

The issue exists due to insufficient input validation in the User Interface component of Oracle WebCenter Sites Support Tools, part of the Oracle Fusion Middleware platform. This allows a remote attacker to gain unauthorized access to read, modify, or add data, or cause a denial of service via the HTTP protocol. Successful attacks can result in unauthorized access to critical data, complete access to all accessible data, unauthorized update, insert, or delete access to some accessible data, and the ability to cause a partial denial of service.

Recommendations

For versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the User Interface component until a patch is available. Avoid using the HTTP protocol to access Oracle WebCenter Sites Support Tools until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-05585
CVE-2022-21575

Affected Products

Oracle Webcenter Sites Support Tools