Vulnerabilities > USU

DATE CVE VULNERABILITY TITLE RISK
2022-04-29 CVE-2022-29934 Missing Authentication for Critical Function vulnerability in USU Oracle Optimization 5.16.2
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec.
local
low complexity
usu CWE-306
7.8
2022-04-29 CVE-2022-29935 Unspecified vulnerability in USU Oracle Optimization 20210817
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download.
network
low complexity
usu
7.5
2022-04-29 CVE-2022-29936 Deserialization of Untrusted Data vulnerability in USU Oracle Optimization 5.16.2
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization.
network
low complexity
usu CWE-502
8.8
2022-04-29 CVE-2022-29937 OS Command Injection vulnerability in USU Oracle Optimization 20210817
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked.
network
low complexity
usu CWE-78
8.8