CVE-2022-42920 in Retail Advanced Inventory Planninginfo

Summary

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

10/14/2022

Disclosure

11/07/2022

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
251294	Oracle Retail Advanced Inventory Planning Operations/Maintenance out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
251098	Oracle Financial Services Behavior Detection Platform Application out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
250956	Oracle Communications Service Catalog and Design Order/Service Management out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242820	Oracle Utilities Application Framework General out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242804	Oracle Retail Service Backbone Installation out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242803	Oracle Retail Merchandising System Foundation out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242802	Oracle Retail Integration Bus RIB out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242801	Oracle Retail Financial Integration PeopleSoft Integration Bugs out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242799	Oracle Retail Bulk Data Integration BDI Job Scheduler out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242794	Oracle PeopleSoft Enterprise HCM Global Payroll Switzerland XML CHE out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242750	Oracle Documaker Development Tools out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242684	Oracle WebLogic Server Core out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242682	Oracle WebCenter Portal Discussion Forums out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242681	Oracle Enterprise Data Quality General out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242482	Oracle Communications Policy Management CMP out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242466	Oracle Communications Order and Service Management General out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
242465	Oracle Communications MetaSolv Solution Print Preview out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
234784	Oracle BAM General out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
218714	Oracle WebLogic Server Centralized Third party Jars out-of-bounds write	787	Not defined	Official fix	CVE-2022-42920
212983	Apache Commons BCEL API out-of-bounds	125	Not defined	Official fix	CVE-2022-42920

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!