CISA recently updated its KEV Catalog to include two critical Oracle vulnerabilities, CVE-2022-21445 and CVE-2020-14644, neither of which had previously been reported as exploited.
CVE-2022-21445 affects the ADF Faces component of JDeveloper in Oracle Fusion Middleware, while CVE-2020-14644 affects WebLogic Server. Both allow unauthenticated remote code execution.
Although discovered years apart, the two are related. CVE-2022-21445, found in 2022 and termed a ‘mega’ vulnerability, took Oracle six months to patch. It impacts numerous Oracle applications and, when paired with CVE-2020-14644, poses a significant risk to Oracle’s online and cloud services, as researchers demonstrated with ‘The Miracle Exploit’.
Read more: CISA: Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks