The vulnerability of the XStream library for converting objects to XML or JSON format in the VMware Cloud Foundation virtualization platform arises from a buffer overflow in the stack. This allows an attacker to trigger a service failure.

🗓️ 14 Sep 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

XStream library buffer overflow in VMware Cloud Foundation allows remote service failure.

Reporter	Title	Published	Views	Family All 108
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	7 Mar 202303:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5	30 Apr 202418:52	–	ibm
IBM Security Bulletins	Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable xstream-1.4.17.jar	8 May 202308:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in XStream affects IBM Process Mining . CVE-2022-41966	5 May 202315:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to XStream	23 Jun 202310:38	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to Denial of Service (DoS) attacks	10 Oct 202312:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in XStream	17 May 202316:52	–	ibm
IBM Security Bulletins	Security Bulletin: FileNet Content Manager (FNCM) FileNet Content Search Services (CSS) ThoughtWorks XStream security vulnerabilities, affected, not vulnerable	27 Jun 202318:57	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator affected by XStream security vulnerabilities	20 Nov 202319:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Jazz for Service Management is vulnerable to All XStream (Publicly disclosed vulnerability) (CVE-2022-41966)	8 Feb 202306:56	–	ibm

Vulners

Node

red_hat openshift_container_platformMatch3.11

OR

red_hat jboss_fuseMatch7

OR

red_hat jboss_data_gridMatch7

OR

red_hat red_hat_single_sign-onMatch7

OR

red_hat jboss_enterprise_application_platformMatch6

OR

red_hat red_hat_process_automationMatch7

OR

red_hat red_hat_data_gridMatch8

OR

red_hat openshift_container_platformMatch4.10

OR

red_hat decision_managerMatch7

OR

red_hat keycloakMatch22.0.1

OR

xstream xstreamRange<1.4.20

OR

red_hat jboss_fuse_service_worksMatch6

OR

red_hat migration_toolkit_for_runtimesMatch1

OR

red_hat migration_toolkit_for_applicationsMatch6.1

Source	Link
github	www.github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv
x-stream	www.x-stream.github.io/CVE-2022-41966.html
vuldb	www.vuldb.com/ru/
access	www.access.redhat.com/security/cve/cve-2022-41966
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.7/
web	www.web.nvd.nist.gov/view/vuln/detail

13 Sep 2024 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 37.5

CVSS 27.8

EPSS0.08689

xstream library vmware cloud foundation buffer overflow stack overflow remote exploit service failure