Fico: community verdicts
2 notable / known-exploited Fico CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Fico CVE, see NVD ↗.
- CVE-2023-30056HIGH 7.5Real · low riskEPSS 1%
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.
- CVE-2023-30057MED 5.4EPSS 1%
Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.