Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CVE-2022-40337
> [Description]
> OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2
> allows attackers to execute arbitrary code.
>
> ------------------------------------------
>
> [Additional Information]
> It is an authenticated attack.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> CWE-829: Inclusion of Functionality from Untrusted Control Sphere
>
> ------------------------------------------
>
> [Vendor of Product]
> Aspire Software
>
> ------------------------------------------
>
> [Affected Product Code Base]
> OASES Aviation MRO IT System - 8.8.0.2
>
> ------------------------------------------
>
> [Affected Component]
> menu function
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Open print folder
>
> ------------------------------------------
>
> [Reference]
> https://www.aspiresoftware.com/companies/oases/
> https://oases.aero/
>
> ------------------------------------------
>
> [Discoverer]
> Delson Dsouza
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment