CVE-2022-29936

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product.
Configurations

Configuration 1 (hide)

cpe:2.3:a:usu:oracle_optimization:5.16.2:*:*:*:*:*:*:*

History

21 Nov 2024, 07:00

Type Values Removed Values Added
References () https://github.com/orangecertcc/security-research/security/advisories/GHSA-rj5c-j274-vw7g - Exploit, Third Party Advisory () https://github.com/orangecertcc/security-research/security/advisories/GHSA-rj5c-j274-vw7g - Exploit, Third Party Advisory

11 May 2022, 13:27

Type Values Removed Values Added
CWE CWE-502
CVSS v2 : unknown
v3 : unknown
v2 : 6.5
v3 : 8.8
CPE cpe:2.3:a:usu:oracle_optimization:5.16.2:*:*:*:*:*:*:*
References (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-rj5c-j274-vw7g - (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-rj5c-j274-vw7g - Exploit, Third Party Advisory

29 Apr 2022, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-29 17:15

Updated : 2024-11-21 07:00


NVD link : CVE-2022-29936

Mitre link : CVE-2022-29936

CVE.ORG link : CVE-2022-29936


JSON object : View

Products Affected

usu

  • oracle_optimization
CWE
CWE-502

Deserialization of Untrusted Data