SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

CISA: Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks

CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. 
CISA

CISA this week added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including two Oracle product flaws for which there do not appear to be any previous reports of exploitation. 

The two Oracle product vulnerabilities added to the cybersecurity agency’s KEV list are tracked as CVE-2022-21445 and CVE-2020-14644. 

CVE-2022-21445 impacts the JDeveloper product of the Oracle Fusion Middleware platform, specifically a component named ADF Faces. CVE-2020-14644 impacts WebLogic Server. Both security holes have been rated ‘critical’ and they can be exploited by an unauthenticated attacker for remote code execution and to take over the targeted system. 

While CVE-2022-21445 and CVE-2020-14644 were discovered two years apart, they are connected. 

When CVE-2022-21445 was disclosed in June 2022, the researchers who found it described it as a ‘mega’ vulnerability that Oracle took six months to patch. 

They warned at the time that the flaw affected all applications that rely on the ADF Faces component, including Oracle Business Intelligence, Enterprise Manager, Identity Management, SOA Suite, WebCenter Portal, Application Testing Suite, and Transportation Management.

Advertisement. Scroll to continue reading.

At the time, they showed how CVE-2022-21445 could be chained with another vulnerability to compromise impacted systems, specifically CVE-2020-14644, which Oracle just added to the KEV catalog. 

The researchers warned at the time that the exploit, which they dubbed ‘The Miracle Exploit’, affected all of Oracle’s online systems and cloud services that relied on ADF Faces. 

The experts said they had reported their findings to major organizations such as Dell, BestBuy, Starbucks, and several others that had been impacted.

SecurityWeek has not seen any public reports describing attacks involving CVE-2022-21445 and CVE-2020-14644, but CISA does occasionally add vulnerabilities to its KEV catalog based on privately received reports. 

Related: CISA Warns of Progress Telerik Vulnerability Exploitation

Related: CISA Warns of Exploited Vulnerabilities in EOL D-Link Products

Related: DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign 

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: How Modern Breaches Bypass MFA and Evade Detection
June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.

Register

Webinar: Modern Exposure Validation in the AI Era
June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.

Register

People on the Move

Jonathan Trull has joined Oracle as Global Head of Cyber Defense.

Plaid has appointed Sean Cassidy as Chief Information Security Officer.

Ann Barron-DiCamillo has been named Executive Vice President and Global Chief Information Security Officer at U.S. Bank.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.