Strix
26.1K

CVE-2022-29937

HIGHCVSS 8.8/10EPSS 1.46%

Last modified

CVE-2022-29937 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.. EPSS estimates a 1.46% chance of exploitation in the next 30 days.

Description

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.46%

70.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
UsuOracle Optimization20210817

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-29937?
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.
How severe is CVE-2022-29937?
CVE-2022-29937 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.46% probability of exploitation in the next 30 days.
How do I fix CVE-2022-29937?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-29937?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST