CVE-2022-29937

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.
Configurations

Configuration 1 (hide)

cpe:2.3:a:usu:oracle_optimization:20210817:*:*:*:*:*:*:*

History

21 Nov 2024, 07:00

Type Values Removed Values Added
References () https://github.com/orangecertcc/security-research/security/advisories/GHSA-xw3r-mq8p-fjv5 - Exploit, Third Party Advisory () https://github.com/orangecertcc/security-research/security/advisories/GHSA-xw3r-mq8p-fjv5 - Exploit, Third Party Advisory

11 May 2022, 13:28

Type Values Removed Values Added
CPE cpe:2.3:a:usu:oracle_optimization:20210817:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 9.0
v3 : 8.8
CWE CWE-78
References (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-xw3r-mq8p-fjv5 - (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-xw3r-mq8p-fjv5 - Exploit, Third Party Advisory

29 Apr 2022, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-29 17:15

Updated : 2024-11-21 07:00


NVD link : CVE-2022-29937

Mitre link : CVE-2022-29937

CVE.ORG link : CVE-2022-29937


JSON object : View

Products Affected

usu

  • oracle_optimization
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')