CVE-2022-29937

Name of the Vulnerable Software and Affected Versions USU Oracle Optimization versions prior to 5.17.5

Description The issue allows authenticated DataCollection users to achieve agent root access. This is possible because while some common OS commands are blocked, others, such as an OS command for base64 decoding, are not blocked. It's noted that this is not an Oracle Corporation product.

Recommendations For versions prior to 5.17.5, update to version 5.17.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the base64 decoding OS command to minimize the risk of exploitation.