Rewterz Threat Alert – Mirai Botnet – Active IOCs
April 21, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs – Russian-Ukrainian Cyber Warfare
April 21, 2022Rewterz Threat Alert – Mirai Botnet – Active IOCs
April 21, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs – Russian-Ukrainian Cyber Warfare
April 21, 2022Severity
Medium
Analysis Summary
CVE-2022-21498, CVSS 6.5
An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow an authenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVE-2022-21497, CVSS 8.1
An unspecified vulnerability in Oracle Web Services Manager related to the Web Services Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVE-2022-21496, CVSS 5.3
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21494, CVSS 4
An unspecified vulnerability in Oracle Solaris related to the Kernel component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21493, CVSS 5.9
An unspecified vulnerability in Oracle Solaris related to the Kernel component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21492, CVSS 6.1
An unspecified vulnerability in Oracle Business Intelligence Enterprise Edition related to the Analytics Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21491, CVSS 7.8
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow an authenticated attacker to take control of the system.
CVE-2022-21490, CVSS 6.3
An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to take control of the system.
CVE-2022-21489, CVSS 6.3
An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to take control of the system.
CVE-2022-21488, CVSS 3.8
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21487, CVSS 3.8
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVE-2022-21486, CVSS 2.9
An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to cause low confidentiality impact, no integrity impact, and low availability impact.
CVE-2022-21485, CVSS 2.9
An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to cause low confidentiality impact, no integrity impact, and low availability impact.
CVE-2022-21484, CVSS 2.9
An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to cause low confidentiality impact, no integrity impact, and low availability impact.
CVE-2022-21462, CVSS 4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21461, CVSS 5.5
An unspecified vulnerability in Oracle Solaris related to the Kernel component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2022-21460, CVSS 4.4
An unspecified vulnerability in Oracle MySQL Server related to the Server: Logging component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2022-21459, CVSS 4.4
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVE-2022-21458, CVSS 6.1
An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the Navigation Pages, Portal, Query component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21457, CVSS 5.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: PAM Auth Plugin component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2022-21456, CVSS 6.1
An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the Navigation Pages, Portal, Query component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21454, CVSS 6.5
An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the Navigation Pages, Portal, Query component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21453, CVSS 6.1
An unspecified vulnerability in Oracle WebLogic Server related to the Console component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21452, CVSS 4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21451, CVSS 4.4
An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21450, CVSS 5.4
An unspecified vulnerability in Oracle PeopleSoft Enterprise PRTL Interaction Hub related to the My Links component could allow an authenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21448, CVSS 6.1
An unspecified vulnerability in Oracle Business Intelligence Enterprise Edition related to the Visual Analyzer component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21447, CVSS 6.5
An unspecified vulnerability in Oracle PeopleSoft Enterprise CS Academic Advisement related to the Advising Notes component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2022-21446, CVSS 8.2
An unspecified vulnerability in Oracle Solaris related to the Utility component could allow an unauthenticated attacker to cause low confidentiality impact, high integrity impact, and no availability impact.
CVE-2022-21445, CVSS 9.8
An unspecified vulnerability in Oracle JDeveloper related to the ADF Faces component could allow an unauthenticated attacker to take control of the system.
CVE-2022-21444, CVSS 4.4
An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21443, CVSS 3.7
An unspecified vulnerability in Oracle Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVE-2022-21442, CVSS 8.8
An unspecified vulnerability in Oracle GoldenGate related to the OGG Core Library component could allow an authenticated attacker to take control of the system.
CVE-2022-21441, CVSS 7.5
An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21440, CVSS 5.5
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVE-2022-21438, CVSS 4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21437, CVSS 4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21436, CVSS 4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21435, CVSS 4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21434, CVSS 5.3
An unspecified vulnerability in Oracle Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVE-2022-21431, CVSS 10
An unspecified vulnerability in Oracle Communications Billing and Revenue Management related to the Connection Manager component could allow an unauthenticated attacker to take control of the system.
CVE-2022-21430, CVSS 8.5
An unspecified vulnerability in Oracle Communications Billing and Revenue Management related to the Connection Manager component could allow an authenticated attacker to take control of the system.
CVE-2022-21427, CVSS 4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: FTS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
Impact
- Denial Of Service
- Unauthorized Access
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-21498
- CVE-2022-21497
- CVE-2022-21496
- CVE-2022-21494
- CVE-2022-21493
- CVE-2022-21492
- CVE-2022-21491
- CVE-2022-21490
- CVE-2022-21489
- CVE-2022-21488
- CVE-2022-21487
- CVE-2022-21486
- CVE-2022-21485
- CVE-2022-21484
- CVE-2022-21462
- CVE-2022-21461
- CVE-2022-21460
- CVE-2022-21459
- CVE-2022-21458
- CVE-2022-21457
- CVE-2022-21456
- CVE-2022-21455
- CVE-2022-21454
- CVE-2022-21453
- CVE-2022-21452
- CVE-2022-21451
- CVE-2022-21450
- CVE-2022-21448
- CVE-2022-21447
- CVE-2022-21446
- CVE-2022-21445
- CVE-2022-21444
- CVE-2022-21443
- CVE-2022-21442
- CVE-2022-21441
- CVE-2022-21440
- CVE-2022-21438
- CVE-2022-21437
- CVE-2022-21436
- CVE-2022-21435
- CVE-2022-21434
- CVE-2022-21433
- CVE-2022-21432
- CVE-2022-21431
- CVE-2022-21430
- CVE-2022-21427
Affected Vendors
Oracle
Affected Products
- Oracle Java SE 11.0.14
- Oracle Java SE 8u321
- Oracle Java SE 7u331
- Oracle Java SE 17.0.2
- Oracle Java SE 18
- Oracle Solaris 11
- Oracle Database Server 12.1.0.2
- Oracle Database Server 19c
- Oracle Web Services 12.2.1.4.0
- Oracle Web Services 12.2.1.3.0
- Oracle MySQL Server 8.0.28
- Oracle MySQL Server 5.7.37
- Oracle GoldenGate 23.0
- Oracle VM VirtualBox 6.1.33
- Oracle MySQL Cluster 8.0.28
- Oracle MySQL Cluster 7.4.35
- Oracle MySQL Cluster 7.5.25
- Oracle MySQL Cluster 7.6.21
- Oracle JDeveloper 12.2.1.3.0
- Oracle WebLogic Server 12.2.1.3.0
- Oracle WebLogic Server 12.2.1.4.0
- Oracle PeopleSoft Enterprise PeopleTools 8.58
- Oracle PeopleSoft Enterprise PeopleTools 8.59
- Oracle Business Intelligence 5.9.0.0.0 Enterprise
- Oracle PeopleSoft Enterprise CS Academic Advisement 9.2
- Oracle PeopleSoft Enterprise PRTL Interaction Hub 9.1.00
- Oracle Communications Billing and Revenue Management 12.0.0.4
- Oracle Communications Billing and Revenue Management 12.0.0.5
Remediation
Refer to Oracle Critical Patch Update Advisory – April 2022 for the patch, upgrade, or suggested workaround information.