Published on July 29, 2022
| | Oracle Security Alerts |
| | Red Hat Security Advisory |
| | GitHub Security Advisories |
| | Java CVEs |
| N/A | CVE-2022-2131 OpenKM Community Edition version 6.3.10 and earlier used the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing an attacker to perform an XML external entity injection attack. Published Monday, July 25, 2022 |
| N/A | CVE-2022-24405 OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. Published Wednesday, July 27, 2022 |
| N/A | CVE-2022-36899 Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. Published Wednesday, July 27, 2022 |
| N/A | CVE-2022-36900 Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. Published Wednesday, July 27, 2022 |
| N/A | CVE-2022-36905 Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Published Wednesday, July 27, 2022 |
| N/A | CVE-2022-36950 In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. Published Wednesday, July 27, 2022 |