Vulnerabilities > USU > Oracle Optimization > 5.16.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-29 | CVE-2022-29934 | Missing Authentication for Critical Function vulnerability in USU Oracle Optimization 5.16.2 USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. | 7.8 |
| 2022-04-29 | CVE-2022-29936 | Deserialization of Untrusted Data vulnerability in USU Oracle Optimization 5.16.2 USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. | 6.5 |