Lucene search
HistoryJul 28, 2023 - 3:15 p.m.
CVE-2023-39022
oscore vulnerability
code injection
component vulnerability
unchecked argument
cve-2023-39022
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
70.2%
oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.
Affected configurations
Node
oscoreoscoreRange≤2.2.6
Related
prion
prion
Code injection
2023-07-28 15:15:00
veracode
veracode
Code Injection
2023-08-02 02:17:39
cvelist
cvelist
CVE-2023-39022
2023-07-28 00:00:00
osv
osv
Code injection in oscore
2023-07-28 15:30:23
cve
cve
CVE-2023-39022
2023-07-28 15:15:13
github
github
Code injection in oscore
2023-07-28 15:30:23
nessus
nessus
Oracle WebCenter Portal Multiple Vulnerabilities (October 2023 CPU)
2023-10-18 00:00:00
qualysblog
qualysblog
Oracle Patch Tuesday, October 2023 Security Update Review
2023-10-18 17:11:20
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
70.2%
Related for NVD:CVE-2023-39022