Lucene search
China National Vulnerability DatabaseCNVD-2022-88803HistorySep 29, 2022 - 12:00 a.m.
Wazuh Code Execution Vulnerability
2022-09-2900:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
wazuh open source
code execution
vulnerability
active response
arbitrary code
cnvd
0.003 Low
EPSS
Percentile
66.2%
Wazuh is an (Wazuh) open source application. Wazuh 3.6.1 and later, 3.13.5 and earlier, 4.0.0 and later, 4.2.7 and earlier, and 4.3.0 and later, 4.3.7 and earlier are vulnerable to a code execution vulnerability that stems from Active Response endpoint fails to properly filter the special elements of the constructed code segment. An attacker could exploit the vulnerability to execute arbitrary code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wazuh wazuh >=3.6.1, | le | 3.13.5 | |
| wazuh wazuh >=4.0.0, | le | 4.2.7 | |
| wazuh wazuh >=4.3.0, | le | 4.3.7 |
Related
cve
cve
CVE-2022-40497
2022-09-28 00:15:09
cvelist
cvelist
CVE-2022-40497
2022-09-27 23:34:13
osv
osv
CVE-2022-40497
2022-09-28 00:15:09
nvd
nvd
CVE-2022-40497
2022-09-28 00:15:09
prion
prion
Remote code execution
2022-09-28 00:15:00