CVE-2022-2047

🗓️ 07 Jul 2022 20:45:12Reported by eclipseType

cve🔗 web.nvd.nist.gov📰️ 7 Media mentions👁 534 Views

Jetty HttpURI class vulnerability in parsing http scheme UR

Reporter	Title	Published	Views	Family All 98
IBM Security Bulletins	Security Bulletin: IBM Secure External Authentication Server is vulnerable to multiple issues due to Eclipse Jetty	29 Jul 202217:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)	29 Sep 202214:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining . CVE-2022-2047	1 Feb 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in Eclipse Jetty used by IBM Maximo Asset Management (CVE-2022-2047)	2 Mar 202314:09	–	ibm
IBM Security Bulletins	Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology	7 Jun 202406:01	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities	27 Mar 202608:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	26 Oct 202218:06	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Service Tester has taken steps to mitigate these vulnerabilities.	22 Nov 202213:50	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities	11 Mar 202620:59	–	ibm

NVD

Node

eclipse jettyRange<9.4.46

eclipse jettyRange10.0.0–10.0.9

eclipse jettyRange11.0.0–11.0.9

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

netapp element_plug-in_for_vcenter_serverMatch-

netapp management_services_for_element_software_and_netapp_hciMatch-

netapp snapcenterMatch-

netapp solidfire_&_hci_storage_nodeMatch-

netapp hci_compute_nodeMatch-

[
  {
    "product": "Eclipse Jetty",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.4.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.4.46",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "10.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "10.0.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "11.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "11.0.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
debian	www.debian.org/security/2022/dsa-5198
security	www.security.netapp.com/advisory/ntap-20220901-0006/
lists	www.lists.debian.org/debian-lts-announce/2022/08/msg00011.html
github	www.github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q

21 Nov 2024 07:00Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.12.7

CVSS 24

EPSS0.00401

CWE-20