WID-SEC-W-2024-0896 — Vulnetix

WID-SEC-W-2024-0896 PUBLISHED

Oracle Insurance Applications ist eine Produktfamilie mit Lösungen für die Versicherungsbranche.

Affected Products

Vendor	Product	Versions
	Oracle Insurance Applications 12.6
	Oracle Insurance Applications 12.7

Exploit Intelligence

Research into CVE-2022-41853: Using static functions to obtian RCE via Java Deserialization & Remote Codebase Attack (github-poc-repo)
CKEditor 4 < 4.24.0-lts - XSS vulnerability in samples that use the "preview" feature. (github-poc)
Research into CVE-2022-41853: Using static functions to obtian RCE via Java Deserialization & Remote Codebase Attack (github-poc)
https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0896.json (circl)
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0896 (circl)
https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixINSU (circl)
druid-612f0710.json (github-poc)
.bundler-audit.yml (github-poc)
owasp-exclude.xml (github-poc)

Timeline

Apr 16, 2024 CVE Published

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›