4 matches found
Oracle WebCenter Portal (July 2024 CPU)
The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by a vulnerability as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Portal Core Apache SOAP. The supported version that i...
com.blazemeter:jmeter-plugins-directory-listing (>=0.2 <=0.3), com.blazemeter:jmeter-plugins-random-csv-data-set (>=0.6 <=0.8) +134 more potentially affected by CVE-2022-45378 via soap:soap (>=2.3 <=2.3.1)
soap:soap MAVEN version =2.3, =0.2, =0.6, =0.3, =1.0.0, =0.0.0, =0.0.0, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.1.0, =1.0.0, =1.1.3 and more Source cves: CVE-2022-45378 Source advisory: OSV:GHSA-789V-H9HW-38PG...
CVE-2022-45378
Oracle WebCenter Portal versions affected include 12.2.1.4.0, where the Portal Core component (Apache SOAP) is vulnerable due to a default unauthenticated RPCRouterServlet. This could allow an attacker to invoke methods on classpath entries and, depending on available classes, may lead to arbitra...
CVE-2022-45378 Apache SOAP allows unauthenticated users to potentially invoke arbitrary code
In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary...