CVE-2022-36944 in Oracle Banking Corporate Lending Process Managementinfo

Summary

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain.

Reservation

07/27/2022

Disclosure

09/23/2022

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
251091Oracle Banking Corporate Lending Process Management Base deserialization502Not definedOfficial fixCVE-2022-36944
250957Oracle Communications Service Catalog and Design PSR Designer deserialization502Not definedOfficial fixCVE-2022-36944
250955Oracle Communications BRM - Elastic Charging Engine Security deserialization502Not definedOfficial fixCVE-2022-36944
242483Oracle Communications Policy Management CMP deserialization502Not definedOfficial fixCVE-2022-36944
234549Oracle Communications Network Analytics Data Director Other deserialization502Not definedOfficial fixCVE-2022-36944
209504Scala JAR File deserialization502Not definedOfficial fixCVE-2022-36944

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!