CVE-2022-29936

HIGH

USU Oracle Optimization - Insecure Deserialization

Title source: rule

Description

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product.

References (1)

[Exploit, Third Party Advisory] https://github.com/orangecertcc/security-research/security/advisories/GHSA-rj5c-j274-vw7g

Scores

CVSS v3 8.8

EPSS 0.0177

EPSS Percentile 82.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

usu/oracle_optimization

Timeline

Published Apr 29, 2022

Tracked Since Feb 18, 2026