Free Trial

CVE-2022-22978 : ORACLE UTILITIES TESTING ACCELERATOR 6.0.0.1.3/6.0.0.2.4/6.0.0.3.3 TOOLS REMOTE CODE EXECUTION

Description

In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

References

https://security.netapp.com/advisory/ntap-20220707-0003/

https://tanzu.vmware.com/security/cve-2022-22978

https://www.oracle.com/security-alerts/cpujul2022.html

For More Information

MITRE

Common Vulnerabilityies and Exposures

CVE-2022-22978 : ORACLE UTILITIES TESTING ACCELERATOR 6.0.0.1.3/6.0.0.2.4/6.0.0.3.3 TOOLS REMOTE CODE EXECUTION
CVE-2022-22978 : ORACLE UTILITIES TESTING ACCELERATOR 6.0.0.1.3/6.0.0.2.4/6.0.0.3.3 TOOLS REMOTE CODE EXECUTION

Contact us to get started

CVE-2023-32306 : TIME TRACKER UP TO 1.22.13.5791 REPORTS.PHP SQL INJECTION

CVE-2023-32306 : TIME TRACKER UP TO 1.22.13.5791 REPORTS.PHP SQL INJECTION

Description Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running

Learn more
CVE-2023-1834 : ROCKWELL AUTOMATION KINETIX 5500 7.13 TELNET/FTP ACCESS CONTROL

CVE-2023-1834 : ROCKWELL AUTOMATION KINETIX 5500 7.13 TELNET/FTP ACCESS CONTROL

Description Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running

Learn more
CVE-2023-2645 : USR USR-G806 1.0.41 WEB MANAGEMENT PAGE USERNAME/PASSWORD HARD-CODED PASSWORD

CVE-2023-2645 : USR USR-G806 1.0.41 WEB MANAGEMENT PAGE USERNAME/PASSWORD HARD-CODED PASSWORD

Description A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of

Learn more