Vulnerabilities > CVE-2022-29936 - Deserialization of Untrusted Data vulnerability in USU Oracle Optimization 5.16.2

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

usu

CWE-502

NVD

Published: 2022-04-29

Updated: 2022-05-11

Summary

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product.

Vulnerable Configurations

Part	Description	Count
Application	Usu USU Oracle Optimization 5.16.2	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://github.com/orangecertcc/security-research/security/advisories/GHSA-rj5c-j274-vw7g