Rewterz Threat Advisory – CVE-2022-39420 – Oracle Transportation Management Product Vulnerability

Rewterz Threat Advisory – CVE-2022-26375 – Mammothology AB Press Optimizer plugin for WordPress Vulnerability

November 7, 2022

Rewterz Threat Advisory – CVE-2022-39406 – Oracle PeopleSoft Enterprise Common Vulnerability

November 7, 2022

Rewterz Threat Advisory – CVE-2022-39420 – Oracle Transportation Management Product Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-39420

Oracle Transportation Management could allow a remote authenticated attacker to bypass security restrictions, caused by an improper access control in the Security component. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to perform unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subset of Oracle Transportation Management accessible data.

Impact

Information Disclosure

Indicators Of Compromise

CVE

CVE-2022-39420

Affected Vendors

Oracle

Affected Products

Oracle Transportation Management 6.4.3

Remediation

Refer to Oracle Security Advisory for patch, upgrade or suggested workaround information.

Oracle Security Advisory

Rewterz Threat Advisory – CVE-2022-26375 – Mammothology AB Press Optimizer plugin for WordPress Vulnerability

Rewterz Threat Advisory – CVE-2022-39406 – Oracle PeopleSoft Enterprise Common Vulnerability

Rewterz Threat Advisory – CVE-2022-39420 – Oracle Transportation Management Product Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan