SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

CISA: Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks

CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. 
CISA

CISA this week added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including two Oracle product flaws for which there do not appear to be any previous reports of exploitation. 

The two Oracle product vulnerabilities added to the cybersecurity agency’s KEV list are tracked as CVE-2022-21445 and CVE-2020-14644. 

CVE-2022-21445 impacts the JDeveloper product of the Oracle Fusion Middleware platform, specifically a component named ADF Faces. CVE-2020-14644 impacts WebLogic Server. Both security holes have been rated ‘critical’ and they can be exploited by an unauthenticated attacker for remote code execution and to take over the targeted system. 

While CVE-2022-21445 and CVE-2020-14644 were discovered two years apart, they are connected. 

When CVE-2022-21445 was disclosed in June 2022, the researchers who found it described it as a ‘mega’ vulnerability that Oracle took six months to patch. 

They warned at the time that the flaw affected all applications that rely on the ADF Faces component, including Oracle Business Intelligence, Enterprise Manager, Identity Management, SOA Suite, WebCenter Portal, Application Testing Suite, and Transportation Management.

Advertisement. Scroll to continue reading.

At the time, they showed how CVE-2022-21445 could be chained with another vulnerability to compromise impacted systems, specifically CVE-2020-14644, which Oracle just added to the KEV catalog. 

The researchers warned at the time that the exploit, which they dubbed ‘The Miracle Exploit’, affected all of Oracle’s online systems and cloud services that relied on ADF Faces. 

The experts said they had reported their findings to major organizations such as Dell, BestBuy, Starbucks, and several others that had been impacted.

SecurityWeek has not seen any public reports describing attacks involving CVE-2022-21445 and CVE-2020-14644, but CISA does occasionally add vulnerabilities to its KEV catalog based on privately received reports. 

Related: CISA Warns of Progress Telerik Vulnerability Exploitation

Related: CISA Warns of Exploited Vulnerabilities in EOL D-Link Products

Related: DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign 

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

AutoNation has appointed Brian Fricke as Chief Information Security Officer.

Varun Kohli has joined GetReal Security as Chief Marketing Officer.

MongoDB has appointed Doug Bowers as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.