CVE-2022-34558

2022-07-2823:15:07

[email protected]

web.nvd.nist.gov

cve

wmagent

reqmgr

code execution

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.

Affected configurations

NVD

Node

global-workqueue_projectglobal-workqueueMatch1.4.1rc5python

reqmgr2_projectreqmgr2Match1.4.0rc2python

reqmgr2_projectreqmgr2Match1.4.1rc5python

reqmon_projectreqmonMatch1.4.1rc5python

wmagent_projectwmagentMatch1.3.3rc1python

wmagent_projectwmagentMatch1.3.3rc2python

CPENameOperatorVersion
global-workqueue_project:global-workqueueglobal-workqueue project global-workqueueeq1.4.1
reqmgr2_project:reqmgr2reqmgr2 project reqmgr2eq1.4.0
reqmgr2_project:reqmgr2reqmgr2 project reqmgr2eq1.4.1
reqmon_project:reqmonreqmon project reqmoneq1.4.1
wmagent_project:wmagentwmagent project wmagenteq1.3.3

CPE	Name	Operator	Version
global-workqueue_project:global-workqueue	global-workqueue project global-workqueue	eq	1.4.1
reqmgr2_project:reqmgr2	reqmgr2 project reqmgr2	eq	1.4.0
reqmgr2_project:reqmgr2	reqmgr2 project reqmgr2	eq	1.4.1
reqmon_project:reqmon	reqmon project reqmon	eq	1.4.1
wmagent_project:wmagent	wmagent project wmagent	eq	1.3.3