CVE-2022-2975 An admin user was able to modify accounts and access root user privileges to execute arbitrary code.

An unauthenticated remote attacker could exploit this vulnerability by accessing the web application and performing a series of actions leading to execution of arbitrary code as the root user. An attacker could perform this series of actions by exploiting this vulnerability to gain access to the affected web application and then performing the following actions: Accessing the system configuration tools, where the attacker could modify the system account. Accessing the system accounts, where the attacker could modify the system account and access other system accounts. Accessing the file upload functionality, where the attacker could modify the system account and upload files with the system account. Accessing the email functionality, where the attacker could modify the system account and send emails with the system account. Accessing the contact functionality, where the attacker could modify the system account and add contacts with the system account. Accessing the LDAP functionality, where the attacker could modify the system account and enter the LDAP directory. Accessing the LDAP directory, where the attacker could modify the system account and modify the LDAP directory. Accessing the LDAP search functionality, where the attacker could modify the system account and modify the LDAP directory. Accessing the LDAP search, where the attacker could modify the system account and modify the LDAP directory

Affected Packages

Oracle JD Edwards EnterpriseOne
Oracle JD Edwards World

oracle jd edwards enterpriseone and jd edwards world both have known vulnerabilities that have been assigned CVE-2022-2975.

Description

An authenticated remote attacker could exploit this vulnerability by accessing the web application and performing a series of actions leading to execution of arbitrary code as the root user. The following actions are required to trigger this vulnerability:
· Accessing the web application from a browser
· Logging in to the web application with valid credentials
· Entering any URL into the url bar of a browser
· Clicking on any link on the page
A successful exploit could lead to an elevation of privilege, information disclosure, or remote code execution.

Affected products

- Magento Community Edition Open Source Version 2.2.6 and later
- Magento Enterprise Edition Open Source Version 2.2.6 and later

Vulnerability Discovery

The CERT Coordination Center (CERT/CC) received a report of this vulnerability from an unknown entity on January 31, 2017.

Weak Session Management and Authentication

Because the application does not use a secured cookie, a remote attacker could access the session ID and perform a series of actions leading to execution of arbitrary code as the root user in the context of the session.

Timeline

Published on: 10/06/2022 18:15:00 UTC
Last modified on: 10/11/2022 05:15:00 UTC

References

• https://download.avaya.com/css/public/documents/101083688
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2975