O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.
References
| Link | Resource |
|---|---|
| https://github.com/wendell1224/O2OA-POC/blob/main/POC.md | Exploit Third Party Advisory |
| https://github.com/wendell1224/O2OA-POC/blob/main/POC.md | Exploit Third Party Advisory |
Configurations
History
09 Jul 2026, 01:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Nov 2024, 06:47
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://o2oa.com - Not Applicable | |
| References | () https://github.com/wendell1224/O2OA-POC/blob/main/POC.md - Exploit, Third Party Advisory |
Information
Published : 2022-02-17 22:15
Updated : 2026-07-09 01:17
NVD link : CVE-2022-22916
Mitre link : CVE-2022-22916
CVE.ORG link : CVE-2022-22916
JSON object : View
Products Affected
zoneland
- o2oa
CWE
