ClickySkip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

Oracle vulnerabilities april 2022

This live blog contains information several vulnerabilites in Oracle software. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on April 21, 2022.

Update April 21, 2022

13:00 | Oracle has published information on 520 new vulnerabilities in their various products. 70 of these vulnerabilities have been awarded a CVSS score of 9.8. Additionally, three of these vulnerabilities have been rated with a score of 10.0. Updates have been published to resolve these issues. Oracle has published a detailed summary of the vulnerabilities on their website.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Potential risk

Vulnerabilities with a CVSS score of 10.0:

  • An attacker with access to the network can abuse an easily exploitable vulnerability to take over Oracle Communications Billing and Revenue Management systems (CVE-2022-21431).
  • Via a code injection attack, malicious actors can perform Remote Code Execution on Spring Cloud Gateway systems (CVE-2022-22947). This vulnerability relates to exploits that can be misused in two components of Spring Cloud Gateway – the ‘Network Exposure Function’ and the ‘Network Slice Selection Function’.

In addition to these 10.0 rated vulnerabilities, a further 70 vulnerabilities with a CVSS score of 9.8 have been published. These vulnerabilities have a high risk of exploitation.

Detail info

The vulnerabilities have impact on many different products and versions. See the security advisory from Oracle for more information.

Background

Subscribe

Do you want to be informed in time? Sign up for our technical updates

Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.

Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.