This live blog contains information about several vulnerabilities in Oracle software. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on April 21, 2022.
Update April 21, 2022
13:00 | Oracle has published information on 520 new vulnerabilities in their various products. 70 of these vulnerabilities have been awarded a CVSS score of 9.8. Additionally, three of these vulnerabilities have been rated with a score of 10.0. Updates have been published to resolve these issues. Oracle has published a detailed summary of the vulnerabilities on their website.
Reason and background of this blog
This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.
Vulnerabilities with a CVSS score of 10.0:
- An attacker with access to the network can abuse an easily exploitable vulnerability to take over Oracle Communications Billing and Revenue Management systems (CVE-2022-21431).
- Via a code injection attack, malicious actors can perform Remote Code Execution on Spring Cloud Gateway systems (CVE-2022-22947). This vulnerability can be exploited in two components of Spring Cloud Gateway – the ‘Network Exposure Function’ and the ‘Network Slice Selection Function’.
In addition to these 10.0 rated vulnerabilities, a further 70 vulnerabilities with a CVSS score of 9.8 have been published. These vulnerabilities have a high risk of exploitation.
The vulnerabilities affect many different products and versions. See the security advisory from Oracle for more information.