CVE-2022-43423 Jenkins Compuware Source Code 2.0.12 and earlier has an agent/controller message that doesn't limit where it can be executed, allowing attackers to control agent processes and obtain the values of Java APIs.
Jenkins versions prior to 2.0.12 are vulnerable to a remote code execution attack.
Agent/Controller Message Processing
PDS Plugin 2.0.12 and
CVE-2022-43401 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts to compromise Jenkins.
This vulnerability is exposed when a user is granted permission to define and run scripts in a Jenkins pipeline and that pipeline is configured to
CVE-2022-21631 - JD Edwards EnterpriseOne Tools Design Tools SEC Vulnerability Explained
CVE-2022-21631 is a serious vulnerability in Oracle's JD Edwards EnterpriseOne Tools, specifically within the Design Tools SEC component. This flaw exists in all
CVE-2022-39399 An issue was discovered in Oracle Java SE and Oracle GraalVM Enterprise Edition. The vulnerability could be exploited to execute arbitrary code.
code installed by an administrator). Unpatched clients, servers and end users can be compromised by this issue. Furthermore, for an application to be vulnerable, it
CVE-2022-21636 The Oracle Applications Framework is affected by a vulnerability in versions 12.2.6-12.2.11. Versions earlier than 12.2.6 are not affected.
Due to insecure session management, an attacker can hijack a user's session and perform any action on behalf of the victim.
Risk of escalated privileges (ROP)