Skip to main content
CVE-2022-47966 CRITICAL POC KEV PATCH THREAT Act Now

Multiple Zoho ManageEngine on-premise products allow unauthenticated remote code execution through SAML SSO functionality due to use of a vulnerable Apache XML Security library, massively exploited in January 2023.

NVD GitHub
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2023-21890 CRITICAL PATCH Act Now

Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Oracle Code Injection Communications Converged Application Server
NVD
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy