Description
Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces) (versions 12.2.1.3.0 and 12.2.1.4.0 and prior) is vulnerable to a Java Object Deserialization remote code execution vulnerability. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform a denial of service attack.
Remediation
Upgrade to the latest version of Oracle ADF Faces
References
Related Vulnerabilities
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder
WordPress Plugin Form Manager Remote Command Execution (1.7.2)
Sitecore XP Deserialization RCE (CVE-2021-42237)
Text4shell: Apache Commons Text RCE via insecure interpolation
WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228)