CVE-2022-22971 in Enterprise Manager for Fusion Middlewareinfo

Summary

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

Once again VulDB remains the best source for vulnerability data.

Reservation

01/10/2022

Disclosure

05/13/2022

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
234632	Oracle Enterprise Manager for Fusion Middleware Infrastructure Management denial of service	404	Not defined	Official fix	CVE-2022-22971
226713	Oracle Retail Xstore Point of Service Xenvironment denial of service	404	Not defined	Official fix	CVE-2022-22971
226711	Oracle Retail Fiscal Management Security denial of service	404	Not defined	Official fix	CVE-2022-22971
226710	Oracle Retail Customer Management and Segmentation Foundation Internal Operations denial of service	404	Not defined	Official fix	CVE-2022-22971
226489	Oracle Banking Corporate Lending Process Management Base denial of service	404	Not defined	Official fix	CVE-2022-22971
218777	Oracle MySQL Enterprise Monitor General denial of service	404	Not defined	Official fix	CVE-2022-22971
218755	Oracle Healthcare Translational Research Data Studio denial of service	404	Not defined	Official fix	CVE-2022-22971
218754	Oracle Healthcare Data Repository FHIR Server denial of service	404	Not defined	Official fix	CVE-2022-22971
218648	Oracle Communications Diameter Intelligence Hub Mediation denial of service	404	Not defined	Official fix	CVE-2022-22971
218643	Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade denial of service	404	Not defined	Official fix	CVE-2022-22971
218573	Oracle Communications Unified Inventory Management TMF APIs denial of service	404	Not defined	Official fix	CVE-2022-22971
218570	Oracle Communications Elastic Charging Engine Security denial of service	404	Not defined	Official fix	CVE-2022-22971
211722	Oracle Utilities Testing Accelerator Generic denial of service	404	Not defined	Official fix	CVE-2022-22971
211694	Oracle Siebel Engineering-Installer & Deployment Siebel Approval Manager denial of service	404	Not defined	Official fix	CVE-2022-22971
211673	Oracle Retail Predictive Application Server RPAS Server denial of service	404	Not defined	Official fix	CVE-2022-22971
211671	Oracle Retail Merchandising System Foundation denial of service	404	Not defined	Official fix	CVE-2022-22971
211669	Oracle Retail Customer Insights Other denial of service	404	Not defined	Official fix	CVE-2022-22971
211665	Oracle Retail Assortment Planning Application Core denial of service	404	Not defined	Official fix	CVE-2022-22971
211590	Oracle Documaker Enterprise Edition Interactive Docupresentment Server denial of service	404	Not defined	Official fix	CVE-2022-22971
211585	Oracle Hospitality Cruise Shipboard Property Management System Next-Gen SPMS denial of service	404	Not defined	Official fix	CVE-2022-22971
211582	Oracle Healthcare Master Person Index Master Index denial of service	404	Not defined	Official fix	CVE-2022-22971
211562	Oracle WebLogic Server Centralized Thirdparty Jars denial of service	404	Not defined	Official fix	CVE-2022-22971
211559	Oracle Middleware Common Libraries and Tools Thirdparty Patch denial of service	404	Not defined	Official fix	CVE-2022-22971
211557	Oracle Data Integrator Runtime Java agent for ODI denial of service	404	Not defined	Official fix	CVE-2022-22971
211517	Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition User denial of service	404	Not defined	Official fix	CVE-2022-22971
211516	Oracle Financial Services Model Management and Governance Installer/Configuration denial of service	404	Not defined	Official fix	CVE-2022-22971
211515	Oracle Financial Services Enterprise Case Management Installer denial of service	404	Not defined	Official fix	CVE-2022-22971
211514	Oracle Financial Services Behavior Detection Platform User denial of service	404	Not defined	Official fix	CVE-2022-22971
211513	Oracle Financial Services Analytical Applications Infrastructure Others denial of service	404	Not defined	Official fix	CVE-2022-22971
211469	Oracle SD-WAN Edge Management denial of service	404	Not defined	Official fix	CVE-2022-22971
211467	Oracle Communications Interactive Session Recorder Platform denial of service	404	Not defined	Official fix	CVE-2022-22971
211466	Oracle Communications Element Manager Security denial of service	404	Not defined	Official fix	CVE-2022-22971
211381	Oracle Commerce Platform Endeca Integration denial of service	404	Not defined	Official fix	CVE-2022-22971
204360	Oracle Financial Services Crime and Compliance Management Studio denial of service	404	Not defined	Official fix	CVE-2022-22971
199774	VMware Spring STOMP over WebSocket Endpoint allocation of resources	770	Not defined	Official fix	CVE-2022-22971

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!