Search for vulnerabilities
| Vulnerability ID | VCID-555c-e151-fudr |
| Aliases |
CVE-2022-21404
|
| Summary | Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Supported versions that are affected are 1.4.10 and 2.0.0-RC1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Helidon. Successful attacks of this vulnerability can result in takeover of Helidon. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.1 |
| Risk | 3.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| epss | 0.01069 | https://api.first.org/data/v1/epss?cve=CVE-2022-21404 |
| cvssv2 | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21404 |
| cvssv3.1 | 8.1 | https://www.oracle.com/security-alerts/cpuapr2022.html |
| ssvc | Track | https://www.oracle.com/security-alerts/cpuapr2022.html |
| Reference id | Reference type | URL |
|---|---|---|
| https://api.first.org/data/v1/epss?cve=CVE-2022-21404 | ||
| https://www.oracle.com/security-alerts/cpuapr2022.html | ||
| cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:* | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:* | |
| cpe:2.3:a:oracle:helidon:2.0.0:rc1:*:*:*:*:*:* | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:helidon:2.0.0:rc1:*:*:*:*:*:* | |
| CVE-2022-21404 | https://nvd.nist.gov/vuln/detail/CVE-2022-21404 |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.76707 |
| EPSS Score | 0.01069 |
| Published At | June 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-01T14:23:03.661892+00:00 | EPSS Importer | Import | https://epss.cyentia.com/epss_scores-current.csv.gz | 36.1.3 |