CVE-2007-0222

CVE-2007-0222 is a medium-severity vulnerability in Oracle Application Server with a CVSS 2.0 base score of 5.0. Its EPSS exploit-prediction score of 11% places it in the 95th percentile, indicating an elevated likelihood of exploitation.

Key facts

Description

Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).

Frequently asked questions

What is CVE-2007-0222?
Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).
How severe is CVE-2007-0222?
CVE-2007-0222 has a CVSS 2.0 base score of 5.0, rated medium severity.
Is CVE-2007-0222 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 11% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2007-0222?
CVE-2007-0222 affects Oracle Application Server. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2007-0222?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2007-0222 published?
CVE-2007-0222 was published on 2007-01-17 and last updated on 2026-06-16.

References

Affected products (1)

More vulnerabilities in Oracle Application Server

All CVEs affecting Oracle Application Server →