MidnightBSD

Advisories for fico

CVE-2023-30056

A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.

Products Affected

Vendor Product Version
fico origination_manager_decision 4.8.1
CVE-2023-30057

Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

Products Affected

Vendor Product Version
fico origination_manager_decision 4.8.1