CVE-2022-21500: 
Oracle E-Business Suite vulnerability analysis and mitigation

CVE-2022-21500 is a vulnerability affecting Oracle E-Business Suite component: Manage Proxies, specifically version 12.2. This vulnerability was disclosed on May 19, 2022, and is characterized as an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle E-Business Suite (Oracle Alert).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5, primarily impacting confidentiality. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating network vector access, low attack complexity, no privileges required, no user interaction needed, unchanged scope, and high confidentiality impact (Oracle Alert).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. While authentication is required for a successful attack, the attacker may use self-registered credentials (Oracle Alert).

Oracle has released security patches to address this vulnerability. Oracle strongly recommends that customers apply the security patches as soon as possible. Oracle SaaS cloud environments are not affected by this vulnerability. Oracle E-Business Suite version 12.1 is not impacted by this vulnerability (Oracle Alert).