(RHSA-2022:8902) Moderate: Red Hat Camel for Spring Boot 3.18.3 release and security update

2022-12-08T13:23:48

Description

This release of Camel for Spring Boot 3.18.3 serves as a replacement for Camel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Security Fix(es): * commons-text: apache-commons-text: variable interpolation (CVE-2022-42889) * org.eclipse.milo-sdk-server: sdk-server: Denial of Service (CVE-2022-25897) * reactor-netty-http: Log request headers in some cases of invalid HTTP requests (CVE-2022-31684) For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

{"id": "RHSA-2022:8902", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2022:8902) Moderate: Red Hat Camel for Spring Boot 3.18.3 release and security update", "description": "This release of Camel for Spring Boot 3.18.3 serves as a replacement for Camel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* commons-text: apache-commons-text: variable interpolation (CVE-2022-42889)\n\n* org.eclipse.milo-sdk-server: sdk-server: Denial of Service (CVE-2022-25897)\n\n* reactor-netty-http: Log request headers in some cases of invalid HTTP requests (CVE-2022-31684)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2022-12-08T13:23:48", "modified": "2022-12-08T13:24:00", "epss": [{"cve": "CVE-2022-25897", "epss": 0.00169, "percentile": 0.53624, "modified": "2023-12-06"}, {"cve": "CVE-2022-31684", "epss": 0.0007, "percentile": 0.28919, "modified": "2023-12-06"}, {"cve": "CVE-2022-42889", "epss": 0.61225, "percentile": 0.97488, "modified": "2023-12-06"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2022:8902", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2022-25897", "CVE-2022-31684", "CVE-2022-42889"], "immutableFields": [], "lastseen": "2023-12-06T16:41:22", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "atlassian", "idList": ["BSERV-13534", "BSERV-13588", "CONFSERVER-81048", "CWD-5892", "JRASERVER-74501"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2022-0703"]}, {"type": "cnvd", "idList": ["CNVD-2022-73686"]}, {"type": "cve", "idList": ["CVE-2022-25897", "CVE-2022-31684", "CVE-2022-42889"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-42889"]}, {"type": "f5", "idList": ["F5:K24823443"]}, {"type": "fortinet", "idList": ["FG-IR-22-399"]}, {"type": "gentoo", "idList": ["GLSA-202301-05"]}, {"type": "github", "idList": ["GHSA-599F-7C49-W659", "GHSA-7W4X-4H67-PGMV", "GHSA-FPH9-F5R6-VHQF"]}, {"type": "githubexploit", "idList": ["00749911-992D-503A-A3C6-5CAD015411AA", "02581350-72A7-51B5-AAEF-7A49545171B7", "054C1FDD-1E91-51CC-BA56-40200C2951B0", "083A4069-0A97-552C-A032-A36A52493F19", "09EAB54B-BFAE-5C0C-BC02-4477C25F4F7A", "12870977-FE3C-5883-A821-D1A91690E366", "15920FC5-2EF1-5D1B-81C1-361E8B248365", "1E07DA09-0DAC-5604-9D63-4F46925C454B", "1EB54D78-2208-5730-9FE6-08089B645BAE", "2032BDAC-3EAE-5577-8733-6374B9CA624A", "23203F28-B763-5ADA-A7C0-04A27BF1C406", "2BF0165D-3519-53A6-99F6-B53E05328F14", "2F0EFF8D-6549-5E08-9CEE-7EB4A6886613", "33035C31-AC32-560B-920E-F35F908D3422", "33166C3C-EFDD-5C2F-948D-0D1507C677B8", "3326AAE3-AFC2-5A24-9375-0500EC24C4C6", "34F5EFC0-A7B1-55B8-B67D-2731AF8648E1", "4255AF65-1BE3-5436-98DB-31AB4A584BFB", "518966D7-44DC-5965-9610-AD937CB28B8D", "607D402A-F65B-52EA-BA1A-078F8E24D342", "613F7F41-D617-5C65-87E3-7387588128F6", "65AE1999-B8EF-5B5D-96DF-3305D3F7FA7F", "7318717A-803A-5DA1-A642-B1136AD8C4D0", "745AD8DB-84EB-547D-81B9-C52E8D5ED0C2", "750681D3-D676-5097-8E9A-A19C75481BCC", "764C78B9-3D86-5E72-BFB1-847D74E59CD2", "7C47F07C-1DD6-5254-8848-21A3D91457AB", "8CA6E424-C497-5024-A124-D1CFEF406C2B", "8DEA6A03-D2AB-5FF8-91AA-E75640EF27B2", "8F9EE8E9-ED89-51C0-B182-A5C7A801C270", "9B4A2F8B-77CF-5442-95D0-9DC67C6272FE", "AD135964-0DE6-50A7-BF5A-CEFB4EABDC69", "AF560983-0EB2-544A-AB6D-71D2577422AE", "B0843A82-7C48-549A-ADBA-8DEBB90E8C2C", "BAEA91EF-B5E0-5D88-8DBF-CFB2C31C911A", "C35BF4B6-7E2E-5B72-89B5-5978635A2AFF", "D3891A01-54AE-58CE-A2FE-D466E5464774", "D5FD4E34-BEF2-5176-90E9-3FAC423C6C20", "D625197F-57B1-58FC-8663-B22E1B3BD0F5", "D74FD947-ABA2-522E-9E2C-2625E4AF1AE9", "D883E088-1A0F-5C16-B5DA-3DE6004131DA", "E2D09E4E-6145-58C6-9908-2986FF6911FC", "F47672CC-E0D9-5475-A922-50E104099285", "F48EDE4E-AFA7-51B1-AEDB-C4E5F0828BA0", "FEA5EE0D-5909-558F-8947-9AE371C51A08"]}, {"type": "ibm", "idList": ["00B8BFFFE9EC2CDB467AF3D17608DB7C5E49C98591131C859F8ADA15204371EB", "12365E079006AC201EC3CA279F0927477E9103C595244F01496633DFAC47BD20", "25A0DBED89B78DF50B61BAB3CD17473BA97E800A36C56603EFB62BD7C5BF5649", "2CEF62C50CDD94A991768F05F02F6E909CA28C3D65E1DDC9FE44EB80961223F7", "32389A6BDE175BCDB73F1428D3481487894E1BD82D99F1AD2A2247843AF22DA1", "34608F2658210EEB0B8116A6B4A4EC6E543E2ADF1A78C2DA380966C05B70FD9E", "34976823BA0B126E9EA3F4F3FE374E227B40F4161FEB8970200D502A9E80A2AC", "3DAE2966402FC9EF3964BB1CBD0423B6B41F82063D88DBEC5553181EC28439BA", "424F55ED1408595A5BFAE38C420E57106590690CA00FE7636EFDF907823DBE1F", "44A69EA11567E0750ACF5FD0E4D72E54C8638AD050A117AAC04B72C28EBAB210", "580B99132BA6765B368771674D4F7069792D32AE96669CA48218D57B6ACA3D28", "654B944646D89465AA4BA0B13D74A7AFBB0C148D1DA92BC7B3B4F7D65FE40225", "656937FA945DE5E58B9B5C0431A830AA521D479596EA01ACED0A20A166C4E3B3", "6A665BFE089E6915405804A36BDD124C8C3A870E3C583D6B77300AC4A3A92AE5", "755F86BC7892C756F027C23A1344269CD4BF6264BC440484EDC82EBBF930B4D2", "7A34C5EA3878227646136480AF345DCC5DF882B26F65D3380EC0064BCCA45485", "7C5451969551322B10C02D39A8205047791F77289C2CE11B04A515BC58230E66", "82230211773759901439D35AF05865DE2C30B55D541BFF911666C65FCBAFF9C7", "850C6C3C2C42EBAE446DDBB4AF0C72F8C5CDD84EAB6B13A3488C5210D28D653F", "8DF16E055D5F017E67FEE78F3FE1D3465041DD9EFC6DCA7931C2BB196F4A7FC6", "92C2D58DB9DA7102D7F9C515B4EE2CED16C0735F48AA49B707B24837E12E16B9", "9FF827E2FD54F19DA755A2B6208A2EC7D3AE8D60BF765D40D030A7C7CEF95C29", "A103950266161AA2446D19710AACADE03B4ED20EDD774E62718375E1DC606996", "A331C0945CDBE1AC5E6D6A21635B7D8AAED2D3A49D039FF6AAED7021332996D5", "A597DC3926D1E82617A7803B2822066678589921F14735C4B78024B984B37096", "A94E068C24C78B4A5B7961358AECEA5B087FDEC7BD8E653A9BF42BA988AF25EA", "BB9DB44BB01E7993D7CD15BC25628599D706DF5EBDF4A344890D9E1A74F90F9B", "BFA4C81B5055BBA91E61D5C46CCD068FAC42B3D6AFF17FD091C379441B560C36", "CE7D5A1D0996FFAC3B1D8B653E0D11581F2B40F4522A074649FEF0017143DE02", "CFE4D6ABBC0381B7DDEFF8F8C420DA397822BD8B3C3A033362B2C2EA2940A58E", "D217E46A21D57F6E2A2BF7B705F5AB42A912E70179C85B686B09E652D0CFD1B3", "F6088BD6568A127FF599809D58FBD062FEE6F5AC7C5BBEB44B9618DF2B1B65EA", "F9D06594A00624E53C29A51D70903B1B9259203EE3DF4AB0E886987AC14CFC1A", "FE3ECC02D6131D037DB72CD71278183A707DC57C21C726BB8037F95488CB8384", "FEEE7E44848395185302072C2C3A802B7BC1586175DAEA0309080F01A6101BF4"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:93D7B86DA68A59A0F7393E419CB28BC9"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:76507BEC16415E561E1D404B470453DC"]}, {"type": "nessus", "idList": ["APACHE_COMMONS_TEXT_1_10_0.NASL", "GENTOO_GLSA-202301-05.NASL", "NUTANIX_NXSA-AOS-6_6.NASL", "ORACLE_BI_PUBLISHER_OAS_CPU_JAN_2023.NASL", "ORACLE_OBIEE_CPU_APR_2023_OAS.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2023.NASL", "ORACLE_RDBMS_CPU_JAN_2023.NASL", "ORACLE_RDBMS_CPU_JAN_2023_WIN.NASL", "ROCKY_LINUX_RLSA-2023-2097.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2023", "ORACLE:CPUJAN2023"]}, {"type": "osv", "idList": ["OSV:GHSA-599F-7C49-W659", "OSV:GHSA-7W4X-4H67-PGMV", "OSV:GHSA-FPH9-F5R6-VHQF"]}, {"type": "paloalto", "idList": ["PA-CVE-2022-42889"]}, {"type": "prion", "idList": ["PRION:CVE-2022-25897", "PRION:CVE-2022-31684", "PRION:CVE-2022-42889"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0FD849F43C100CDD6B5098B03FFC4F63", "QUALYSBLOG:3F273F13C86516B494271DB7BE04A954", "QUALYSBLOG:5A5DF56C2B4E5DB4176574A83F54FECB", "QUALYSBLOG:9B8CC75487EDC5E128C015F414259508"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:03100EF4E147989C00719DBF6E752AD3", "RAPID7BLOG:F7BA3352D40FAE34A5EC64E58595ED85"]}, {"type": "redhat", "idList": ["RHSA-2022:8652", "RHSA-2022:8876", "RHSA-2022:9023", "RHSA-2023:0261", "RHSA-2023:0469", "RHSA-2023:1006", "RHSA-2023:1524", "RHSA-2023:1525", "RHSA-2023:1655", "RHSA-2023:1656", "RHSA-2023:1866", "RHSA-2023:2097", "RHSA-2023:2135", "RHSA-2023:3195", "RHSA-2023:3198", "RHSA-2023:3296", "RHSA-2023:3299", "RHSA-2023:4612", "RHSA-2023:6171", "RHSA-2023:6172", "RHSA-2023:6179"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-25897", "RH:CVE-2022-31684", "RH:CVE-2022-42889"]}, {"type": "redos", "idList": ["ROS-20230922-01"]}, {"type": "rocky", "idList": ["RLSA-2023:2097"]}, {"type": "spring", "idList": ["SPRING:4476A5A719C3A5E774CC8572DD533037", "SPRING:45D3933D179BF6A9195A0A888C09709D"]}, {"type": "thn", "idList": ["THN:CD02CBB44D60CC52E4B65C0B87E2163C"]}, {"type": "trellix", "idList": ["TRELLIX:2190FF6CC59F0018181B8146CC20B06D"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-42889"]}, {"type": "veracode", "idList": ["VERACODE:36986", "VERACODE:37569", "VERACODE:37637"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:51299F00F44A6AACB071EB782EBA332E", "WALLARMLAB:8383499ED724C06A048699BABC906127"]}, {"type": "wordfence", "idList": ["WORDFENCE:107445D672F037011ADA9A0DA9FB8292"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-25897", "epss": 0.00054, "percentile": 0.19683, "modified": "2023-05-02"}, {"cve": "CVE-2022-31684", "epss": 0.00044, "percentile": 0.10582, "modified": "2023-05-02"}, {"cve": "CVE-2022-42889", "epss": 0.85933, "percentile": 0.98011, "modified": "2023-05-02"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1701890469, "score": 1701881981, "epss": 0}, "_internal": {"score_hash": "2d62baa3c5c1845853d12069916c8774"}, "affectedPackage": [], "vendorCvss": {"severity": "moderate"}}

{"redhatcve": [{"lastseen": "2023-12-06T17:38:46", "description": "A flaw was found in the Eclipse Milo SDK Server. This flaw allows an attacker to consume the application memory, leading to a denial of service by sending specific requests.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-19T14:47:27", "type": "redhatcve", "title": "CVE-2022-25897", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25897"], "modified": "2023-10-13T01:33:43", "id": "RH:CVE-2022-25897", "href": "https://access.redhat.com/security/cve/cve-2022-25897", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T17:37:56", "description": "A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-11-09T14:56:28", "type": "redhatcve", "title": "CVE-2022-31684", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31684"], "modified": "2023-11-09T01:34:35", "id": "RH:CVE-2022-31684", "href": "https://access.redhat.com/security/cve/cve-2022-31684", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:38:12", "description": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.\n#### Mitigation\n\nThis flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-17T16:42:02", "type": "redhatcve", "title": "CVE-2022-42889", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-12-04T18:34:30", "id": "RH:CVE-2022-42889", "href": "https://access.redhat.com/security/cve/cve-2022-42889", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-06T15:25:32", "description": "The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-08T05:15:00", "type": "cve", "title": "CVE-2022-25897", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25897"], "modified": "2022-09-13T20:17:00", "cpe": [], "id": "CVE-2022-25897", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25897", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-12-06T15:51:36", "description": "Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-19T22:15:00", "type": "cve", "title": "CVE-2022-31684", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31684"], "modified": "2022-10-21T18:08:00", "cpe": ["cpe:/a:pivotal:reactor_netty:1.0.23"], "id": "CVE-2022-31684", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31684", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:pivotal:reactor_netty:1.0.23:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-06T16:39:59", "description": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T13:15:00", "type": "cve", "title": "CVE-2022-42889", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-04-17T16:47:00", "cpe": ["cpe:/a:netapp:bluexp:-", "cpe:/a:juniper:security_threat_response_manager:7.5.0"], "id": "CVE-2022-42889", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42889", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up1:*:*:*:*:*:*", "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up2:*:*:*:*:*:*", "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:security_threat_response_manager:7.5.0:up3:*:*:*:*:*:*"]}], "osv": [{"lastseen": "2023-04-11T01:47:04", "description": "Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may request log headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-20T12:00:17", "type": "osv", "title": "Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-31684"], "modified": "2023-04-11T01:47:01", "id": "OSV:GHSA-7W4X-4H67-PGMV", "href": "https://osv.dev/vulnerability/GHSA-7w4x-4h67-pgmv", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-04-11T01:17:17", "description": "### Impact\n\nDenial of Service\n\n### Details\n\nOPC UA specification describes a concept named _Subscriptions_. _Subscriptions_ monitor a set of _Monitored Items_ for _Notifications_ and return them to the _Client_ in response to _Publish_ requests. The server notifies the client about changes only in case the value is changed. Each monitored item is configured on a subscription, each subscription is linked to a single OPC UA session. Most OPC UA implementations set many controls and limitations for excessive memory consumption. For example:\n\n* What is the maximum allowed number of concurrent sessions\n* For each active sessions - what is the maximum allowed number of concurrent subscription per a single session\n* For each active subscription - what is the maximum allowed number of concurrent monitored items per a single subscription\n\nClarity Research discovered a unique way to bypass those restrictions and fill up the OPC UA server process memory.\n\nThe close session request closes a connected session. A `deleteSubscription` flag is also sent in that message and determines whether the server should save the subscriptions for a future session reconnection or discard them upon session termination. If the `deleteSubscription` flag is `False` the server will store the subscriptions thus filling up the memory in an unlimited manner.\n\nSending multiple subscribe requests with multiple monitored items from multiple sessions will quickly fill up the process memory until the server crashes.\n\nTo trigger this bug all is needed is to create many sessions with subscriptions and monitored items without ever deleting the monitored items. Eventually these allocations will consume all the available process memory which will lead to a crash and denial of service condition.\n\nClarity PoC does:\n```\nwhile True:\n Open a valid OPC UA session\n Create multiple subscriptions\n Add monitored items to each subscription\n Close the session with the DeleteSubscriptions flag = False\n````\n\n### Acknowledgement\n\nWe would like to thanks Vera Mens, Uri Katz, @sharonbrizinov of Team82 ([Claroty Research](https://claroty.com/)) for this report.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Eclipse Milo repository](https://github.com/eclipse/milo/issues)\n* Email us at [milo-dev](https://accounts.eclipse.org/mailing-list/milo-dev)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-15T03:35:46", "type": "osv", "title": "Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-25897"], "modified": "2023-04-11T01:17:14", "id": "OSV:GHSA-FPH9-F5R6-VHQF", "href": "https://osv.dev/vulnerability/GHSA-fph9-f5r6-vhqf", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-12T22:16:13", "description": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T19:00:17", "type": "osv", "title": "Arbitrary code execution in Apache Commons Text", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-06-12T22:15:49", "id": "OSV:GHSA-599F-7C49-W659", "href": "https://osv.dev/vulnerability/GHSA-599f-7c49-w659", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-10-22T20:25:06", "description": "reactor-netty is vulnerable to information disclosure. A remote attacker is able to request log headers in some cases of invalid HTTP requests which may reveal valid access tokens when WARN level is enabled, resulting in disclosure of sensitive information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-21T08:04:34", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31684"], "modified": "2022-10-24T18:42:06", "id": "VERACODE:37637", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37637/summary", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-06-14T20:03:14", "description": "sdk-server is vulnerable to denial of service. The vulnerability exists because the maximum number of monitored items per session does not properly configure in the `getMaxMonitoredItems` function of `OpcUaServerConfigLimits.java`, allowing an attacker to cause an application crash by sending multiple `CloseSession` requests with the delete subscription parameter equal to false\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-09T02:16:34", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25897"], "modified": "2023-04-27T15:39:40", "id": "VERACODE:36986", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36986/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-07-19T02:07:24", "description": "Apache Commons Text is vulnerable to Arbitrary Code Execution. The vulnerability exists in the `lookup` module due to insecure interpolation defaults when untrusted configuration values are used which allows an attacker to inject arbitrary code into the system.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T18:57:11", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-05-30T04:46:50", "id": "VERACODE:37569", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37569/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "spring": [{"lastseen": "2022-10-25T02:40:16", "description": "Hi, Spring fans! Welcome to another installment of _This Week in Spring_! When last we spoke, I was in Las Vegas, NV, for the JavaOne show. It was _amazing_! I'm in sunny Singapore, then off to Malaysia and Thailand. It's the first time I've been to any of these places since 2019! How good it is to be back! I've so missed it.\n\nThe Spring team is busy preparing for both Spring Boot 3 (and the Spring Framework 6 release that underpins it) and SpringOne 2022. Have you booked your ticket for SpringOne 2022 yet? It's going to be held in sunny San Francisco, and - of course - it'll be the absolute best place to learn about Spring Framework 6, Spring Boot 3, GraalVM, the new Ahead-of-time compilation engine in Spring Boot 3, and more. Also, it's a rare chance to hang out with the Spring team proper. It's been years since any of us has had the chance to do that, myself included! Don't miss this! Register now, and get a $200 discount using the following code: `S1VM22_Advocate_200`.\n\nAlso, the full content schedule is now available online! [Check it out](<https://springone.io>)\n\nAnyway, with that out of the way, we've got a _lot_ to cover this week, so let's dive right into it!\n\n * [A Bootiful Podcast: Microsoft's Asir Selvasingh on Azure Spring Apps, Java at Microsoft, application security, and more](<https://spring.io/blog/2022/10/20/a-bootiful-podcast-microsoft-s-asir-selvasingh-on-azure-spring-apps-java-at-microsoft-application-security-and-more>)\n * This one is especially important: [CVE-2022-31684: Reactor Netty HTTP Server may log request headers](<https://spring.io/blog/2022/10/20/cve-2022-31684-reactor-netty-http-server-may-log-request-headers>)\n * [Deploy Your Spring Boot (Java) Apps To Production In Seconds! - YouTube](<https://www.youtube.com/watch?v=LjUbSiIWUNw>)\n * [Guide to Simple Binary Encoding](<https://feeds.feedblitz.com/~/716762110/0/baeldung~Guide-to-Simple-Binary-Encoding>)\n * [High Cardinality - DevelOtters.com](<https://develotters.com/posts/high-cardinality/>)\n * [How to Resolve Spring Webflux DataBufferLimitException](<https://feeds.feedblitz.com/~/715972472/0/baeldung~How-to-Resolve-Spring-Webflux-DataBufferLimitException>)\n * [IntelliJ IDEA 2022.2 EAP 5: Support for Spring 6 and Spring Boot 3 Features, Enhanced HTTP Client, Kubernetes Updates and More ](<https://blog.jetbrains.com/idea/2022/06/intellij-idea-2022-2-eap-5/>)\n * [Introducing Spring Modulith](<https://spring.io/blog/2022/10/21/introducing-spring-modulith>)\n * [Spring Batch 5.0 RC1 is out!](<https://spring.io/blog/2022/10/20/spring-batch-5-0-rc1-is-out>)\n * [Spring Boot 2.6.13 available now](<https://spring.io/blog/2022/10/20/spring-boot-2-6-13-available-now>)\n * [Spring Boot 2.7.5 available now](<https://spring.io/blog/2022/10/20/spring-boot-2-7-5-available-now>)\n * [Spring Boot 3.0.0-RC1 available now](<https://spring.io/blog/2022/10/20/spring-boot-3-0-0-rc1-available-now>)\n * [Spring Boot Best Practices for Developers](<https://medium.com/@raviyasas/spring-boot-best-practices-for-developers-3f3bdffa0090>)\n * [Spring Framework 6.0.0-RC2 available now](<https://spring.io/blog/2022/10/20/spring-framework-6-0-0-rc2-available-now>)\n * [Spring Security 5.7.4 and 5.6.8 available now](<https://spring.io/blog/2022/10/18/spring-security-5-7-4-and-5-6-8-available-now>)\n * [Spring Security 6.0.0-RC1 and 5.8.0-RC1 are released](<https://spring.io/blog/2022/10/18/spring-security-6-0-0-rc1-and-5-8-0-rc1-are-released>)\n * [Spring Web Services 4.0.0-RC1 is out!](<https://spring.io/blog/2022/10/18/spring-web-services-4-0-0-rc1-is-out>)\n * [Spring for GraphQL 1.1.0-RC1 released](<https://spring.io/blog/2022/10/18/spring-for-graphql-1-1-0-rc1-released>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-24T07:00:00", "type": "spring", "title": "This Week in Spring - October 25th, 2022", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-31684"], "modified": "2022-10-24T07:00:00", "id": "SPRING:45D3933D179BF6A9195A0A888C09709D", "href": "https://spring.io/blog/2022/10/24/this-week-in-spring-october-25th-2022", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-21T22:39:45", "description": "The Reactor Netty 1.0.24 release on [October 11](<https://github.com/reactor/reactor-netty/releases/tag/v1.0.24>) included fix for [CVE-2022-31684](<https://tanzu.vmware.com/security/cve-2022-31684>) affecting Reactor Netty HTTP Server. \nUsers are encouraged to update as soon as possible.\n\nReactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient. \nIf you have a Spring Boot application, you can upgrade to Reactor BOM 2020.0.24.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-20T12:45:00", "type": "spring", "title": "CVE-2022-31684: Reactor Netty HTTP Server may log request headers", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-31684"], "modified": "2022-10-20T12:45:00", "id": "SPRING:4476A5A719C3A5E774CC8572DD533037", "href": "https://spring.io/blog/2022/10/20/cve-2022-31684-reactor-netty-http-server-may-log-request-headers", "cvss": {"score": 0.0, "vector": "NONE"}}], "prion": [{"lastseen": "2023-11-20T23:30:31", "description": "The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-08T05:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25897"], "modified": "2022-09-13T20:17:00", "id": "PRION:CVE-2022-25897", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-25897", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-20T23:39:05", "description": "Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-19T22:15:00", "type": "prion", "title": "Cross site request forgery (csrf)", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31684"], "modified": "2022-10-21T18:08:00", "id": "PRION:CVE-2022-31684", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-31684", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-11-20T23:53:24", "description": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T13:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-04-17T16:47:00", "id": "PRION:CVE-2022-42889", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-42889", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2023-12-06T17:27:30", "description": "### Impact\n\nDenial of Service\n\n### Details\n\nOPC UA specification describes a concept named _Subscriptions_. _Subscriptions_ monitor a set of _Monitored Items_ for _Notifications_ and return them to the _Client_ in response to _Publish_ requests. The server notifies the client about changes only in case the value is changed. Each monitored item is configured on a subscription, each subscription is linked to a single OPC UA session. Most OPC UA implementations set many controls and limitations for excessive memory consumption. For example:\n\n* What is the maximum allowed number of concurrent sessions\n* For each active sessions - what is the maximum allowed number of concurrent subscription per a single session\n* For each active subscription - what is the maximum allowed number of concurrent monitored items per a single subscription\n\nClarity Research discovered a unique way to bypass those restrictions and fill up the OPC UA server process memory.\n\nThe close session request closes a connected session. A `deleteSubscription` flag is also sent in that message and determines whether the server should save the subscriptions for a future session reconnection or discard them upon session termination. If the `deleteSubscription` flag is `False` the server will store the subscriptions thus filling up the memory in an unlimited manner.\n\nSending multiple subscribe requests with multiple monitored items from multiple sessions will quickly fill up the process memory until the server crashes.\n\nTo trigger this bug all is needed is to create many sessions with subscriptions and monitored items without ever deleting the monitored items. Eventually these allocations will consume all the available process memory which will lead to a crash and denial of service condition.\n\nClarity PoC does:\n```\nwhile True:\n Open a valid OPC UA session\n Create multiple subscriptions\n Add monitored items to each subscription\n Close the session with the DeleteSubscriptions flag = False\n````\n\n### Acknowledgement\n\nWe would like to thanks Vera Mens, Uri Katz, @sharonbrizinov of Team82 ([Claroty Research](https://claroty.com/)) for this report.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Eclipse Milo repository](https://github.com/eclipse/milo/issues)\n* Email us at [milo-dev](https://accounts.eclipse.org/mailing-list/milo-dev)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-15T03:35:46", "type": "github", "title": "Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25897"], "modified": "2023-02-02T05:10:07", "id": "GHSA-FPH9-F5R6-VHQF", "href": "https://github.com/advisories/GHSA-fph9-f5r6-vhqf", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T17:27:24", "description": "Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may request log headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-10-20T12:00:17", "type": "github", "title": "Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31684"], "modified": "2023-02-03T05:00:51", "id": "GHSA-7W4X-4H67-PGMV", "href": "https://github.com/advisories/GHSA-7w4x-4h67-pgmv", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:27:26", "description": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T19:00:17", "type": "github", "title": "Arbitrary code execution in Apache Commons Text", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-06-12T22:02:11", "id": "GHSA-599F-7C49-W659", "href": "https://github.com/advisories/GHSA-599f-7c49-w659", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2022-10-21T02:05:33", "description": "# cve-2022-42889-scanner\nEsta herramienta te ayudar\u00e1 a buscar la...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-20T18:37:16", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-21T00:13:02", "id": "D625197F-57B1-58FC-8663-B22E1B3BD0F5", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2023-12-06T18:57:54", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-21T08:15:19", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-05-05T13:36:18", "id": "09EAB54B-BFAE-5C0C-BC02-4477C25F4F7A", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T18:06:52", "description": "## Quickstart\n\n```bash\nsudo apt install golang\n```\n\nTo run like ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-09T12:11:36", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-11T00:54:20", "id": "1E07DA09-0DAC-5604-9D63-4F46925C454B", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T18:43:04", "description": "# Text4Shell Demo\nThis demo shows how you can use Sigstore to va...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-17T21:49:13", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-25T19:42:37", "id": "750681D3-D676-5097-8E9A-A19C75481BCC", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:50:56", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-07T07:19:49", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-07T07:39:20", "id": "34F5EFC0-A7B1-55B8-B67D-2731AF8648E1", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:46:41", "description": "# text4shellburpscanner\n\n\u672c\u9879\u76ee\u57fa\u4e8e[log4j2burpscanner](https://github...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-09T08:18:19", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-08-09T17:41:46", "id": "F48EDE4E-AFA7-51B1-AEDB-C4E5F0828BA0", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:54:05", "description": "# Text4ShellPayloads\n- This project includes a python script...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-21T19:41:56", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-24T20:21:47", "id": "65AE1999-B8EF-5B5D-96DF-3305D3F7FA7F", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:54:49", "description": "# CVE-2022-42889 Test application\n\nThis repository contains a si...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T22:56:12", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-19T22:59:21", "id": "33035C31-AC32-560B-920E-F35F908D3422", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:56:10", "description": "# CVE-2022-42889-POC\nA simple demo application that shows how to...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T23:15:40", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-03-31T09:41:20", "id": "8F9EE8E9-ED89-51C0-B182-A5C7A801C270", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-10-17T20:04:05", "description": "# CVE-2022-42889-MASS-RCE (another LOG4SHELL)\nMass exploitation ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-17T18:33:58", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-17T18:56:57", "id": "FEA5EE0D-5909-558F-8947-9AE371C51A08", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:54:46", "description": "<h1 align=\"center\">text4shell-scan</h1>\n<h4 align=\"center\">A ful...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T20:14:22", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-28T11:43:30", "id": "745AD8DB-84EB-547D-81B9-C52E8D5ED0C2", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:54:54", "description": "# CVE-2022-42889 PoC Test Application\nThis is a vulnerable appli...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-20T18:07:25", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-28T11:43:31", "id": "2032BDAC-3EAE-5577-8733-6374B9CA624A", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:54:16", "description": "# CVE-2022-42889\nPython script for CVE-2022-42889\n\nTo test this ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-22T02:06:40", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-25T07:40:16", "id": "2F0EFF8D-6549-5E08-9CEE-7EB4A6886613", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:13:08", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-08T02:47:55", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-04-08T02:48:07", "id": "7C47F07C-1DD6-5254-8848-21A3D91457AB", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:12:15", "description": "# CVE-2022-42889-POC\nA simple demo application that shows how to...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-04T20:08:08", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-04-19T05:53:19", "id": "D3891A01-54AE-58CE-A2FE-D466E5464774", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:50:55", "description": "# CVE-2022-42889-PoC\n\nProof of Concept for CVE-2022-42889 remote...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-04T19:26:23", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-11-08T18:09:37", "id": "BAEA91EF-B5E0-5D88-8DBF-CFB2C31C911A", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T18:40:32", "description": "# CVE-2022-42889 (Text4Shell) Testing Script\n\nThis repository co...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-27T08:29:24", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-11-30T10:08:31", "id": "D74FD947-ABA2-522E-9E2C-2625E4AF1AE9", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:54:57", "description": "# CVE-2022-42889-text4shell \ud83d\udd25\ud83d\udd25\ud83d\udd25\nApache commons text - CVE-2022-...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-19T11:49:08", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-11-29T06:31:19", "id": "518966D7-44DC-5965-9610-AD937CB28B8D", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:56:24", "description": "# cve-2022-42889\n\n\ncve-2022-42889 Text4Shell affects Apache Comm...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T13:53:55", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-28T11:43:29", "id": "33166C3C-EFDD-5C2F-948D-0D1507C677B8", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:55:20", "description": "# CVE-2022-42889 PoC\nThis is Proof of Concept for the vulnerabil...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-17T18:50:36", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-11-29T03:14:50", "id": "8DEA6A03-D2AB-5FF8-91AA-E75640EF27B2", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:54:07", "description": "# CVE-2022-42889 Test application\n\nThis repository contains a si...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-21T13:48:04", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-24T03:11:46", "id": "02581350-72A7-51B5-AAEF-7A49545171B7", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:53:29", "description": "# Scanner for CVE-2022-42889 (Text4Shell)\n\n## Description\nThis i...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-23T09:45:41", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-04-17T02:29:52", "id": "764C78B9-3D86-5E72-BFB1-847D74E59CD2", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T17:58:04", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-22T17:17:26", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-22T17:17:44", "id": "7318717A-803A-5DA1-A642-B1136AD8C4D0", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T18:07:35", "description": "## Quickstart\n\n```bash\nsudo apt install golang\n```\n\nTo run like ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-09T12:11:36", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-11T00:54:20", "id": "D883E088-1A0F-5C16-B5DA-3DE6004131DA", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T18:09:27", "description": "## Quickstart\n\n```bash\nsudo apt install golang\n```\n\nTo run like ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-09T12:11:36", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-11T00:54:20", "id": "00749911-992D-503A-A3C6-5CAD015411AA", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:55:31", "description": "# CVE-2022-42889 Test application\n\nThis repository contains a si...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-17T16:07:50", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-03-28T11:55:16", "id": "2BF0165D-3519-53A6-99F6-B53E05328F14", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:11:08", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-09T04:09:34", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-04-09T04:09:46", "id": "4255AF65-1BE3-5436-98DB-31AB4A584BFB", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T18:40:25", "description": "# CVE-2022-42889 (Text4Shell) Testing Script\n\nThis repository co...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-27T08:29:24", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-11-30T10:08:31", "id": "054C1FDD-1E91-51CC-BA56-40200C2951B0", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T18:53:52", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-22T06:57:55", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-05-23T07:32:45", "id": "B0843A82-7C48-549A-ADBA-8DEBB90E8C2C", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:51:20", "description": "# CVE-2022-42889-PoC\n\nProof of Concept for CVE-2022-42889 remote...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-04T19:26:23", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-11-08T18:09:37", "id": "15920FC5-2EF1-5D1B-81C1-361E8B248365", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:53:32", "description": "Apache Commons Text CVE-2022-42889\n=============================...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-23T08:33:02", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-12-04T18:13:18", "id": "083A4069-0A97-552C-A032-A36A52493F19", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:47:29", "description": "# Text4shell-exploit\nThis is a Proof of Concept exploiting the v...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-07T17:58:59", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-28T11:44:15", "id": "607D402A-F65B-52EA-BA1A-078F8E24D342", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-04-21T08:12:02", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-21T08:06:26", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2023-04-21T08:06:51", "id": "9B4A2F8B-77CF-5442-95D0-9DC67C6272FE", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:12:36", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-18T14:49:45", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-04-18T15:01:22", "id": "AD135964-0DE6-50A7-BF5A-CEFB4EABDC69", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:51:21", "description": "# CVE 2022-42889\n\n[This](https://raw.githubuserconten...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-05T14:08:18", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-10-05T18:41:02", "id": "1EB54D78-2208-5730-9FE6-08089B645BAE", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-10-19T08:04:00", "description": "# CVE-2022-42889\nCVE-2022-42889 Remote Code Exeuction Vulnerabil...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T19:37:40", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-19T06:14:54", "id": "AF560983-0EB2-544A-AB6D-71D2577422AE", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:55:20", "description": "# Commons-Text Goat\n\nThis is a webapp that is intentionally vuln...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T08:22:55", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-23T11:42:26", "id": "D5FD4E34-BEF2-5176-90E9-3FAC423C6C20", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:55:22", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T09:58:00", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-11-29T07:27:11", "id": "23203F28-B763-5ADA-A7C0-04A27BF1C406", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:53:40", "description": "# CVE-2022-42889-POC\nProof of Concept for the Apache commons-tex...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-23T05:48:48", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-06-26T19:23:44", "id": "E2D09E4E-6145-58C6-9908-2986FF6911FC", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:54:26", "description": "# CVE-2022-42889 PoC\nText4Shell PoC Exploit, with ability to set...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-24T15:28:02", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-29T04:49:07", "id": "C35BF4B6-7E2E-5B72-89B5-5978635A2AFF", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:54:42", "description": "# CVE-2022-42889 aka text4shell\n\nPoC for recently discovered [vu...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-23T13:42:23", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-11-30T05:27:36", "id": "F47672CC-E0D9-5475-A922-50E104099285", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:11:41", "description": "### Install maven - [maven-linux](https://www.digitalocean.com/c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-19T19:49:41", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-03-26T07:35:15", "id": "12870977-FE3C-5883-A821-D1A91690E366", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:27:58", "description": "# text4shell\nA demonstration of CVE-2022-42889 (tex...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-01T20:56:37", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-03-01T20:57:17", "id": "8CA6E424-C497-5024-A124-D1CFEF406C2B", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:51:20", "description": "# CVE-2022-42889 (a.k.a. Text4Shell) RCE Proof of Concept\n\n![ima...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-05T07:32:51", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-08-29T21:03:39", "id": "3326AAE3-AFC2-5A24-9375-0500EC24C4C6", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-12-06T19:24:47", "description": "# Text4Shell CVE-2022-42889\n\n## Docker Lab for CVE-2022-42889\n\n>...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-28T00:32:01", "type": "githubexploit", "title": "Exploit for Code Injection in Apache Commons Text", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-02-28T01:34:25", "id": "613F7F41-D617-5C65-87E3-7387588128F6", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "wallarmlab": [{"lastseen": "2022-10-18T06:05:29", "description": "Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue looks like the same Log4shell and it seems even more dangerous since Common Texts are used more broadly. \n\nThe Apache Foundation published a vulnerability in the Apache Commons Text project code and published a message to this effect in the [project's mailing list](<https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om>) on October 13th, an official date of birth of Text4Shell vulnerability.\n\nThis is an SSTI, Server-Side Template Injection issue with a payload that looks really similar to Log4Shell:\n \n \n ${script:javascript:java.lang.Run.Runtime.getRuntime().exec(\"cat /etc/shadow\");}\n\nAs you can see, the macros Injection, or a template starts with ${ allows an attackers to inject arbitrary code by calling different Java class methods. \n\nWallarm Security Team recommends instantly updating the vulnerable library. The priority action is to update Apache Commons Text to version 1.10.0, via the usual package managers or a direct download from <https://commons.apache.org/proper/commons-text/download_text.cgi>.\n\nAll [Wallarm API security and WAAP](<https://www.wallarm.com/request-demo>) customers already got protection against CVE-2022-42889 while using the product in a blocking mode. \n\nWAF signatures are not effective against CVE-2022-42889 due to many possible obfuscations in template injection syntaxes and using different gadgets and gadgets chains of Java objects by attackers. \n\nReferences: <https://nvd.nist.gov/vuln/detail/CVE-2022-42889#vulnCurrentDescriptionTitle>\n\nThe post [New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889](<https://lab.wallarm.com/new-text2shell-rce-vulnerability-in-apache-common-texts-cve-2022-42889/>) appeared first on [Wallarm](<https://lab.wallarm.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T05:02:38", "type": "wallarmlab", "title": "New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-18T05:02:38", "id": "WALLARMLAB:51299F00F44A6AACB071EB782EBA332E", "href": "https://lab.wallarm.com/new-text2shell-rce-vulnerability-in-apache-common-texts-cve-2022-42889/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-31T16:21:11", "description": "We\u2019re pleased to present the latest quarterly review and analysis of API vulnerabilities and exploits. This time, we\u2019re going to split our discussion into two parts: today this quarterly review, and soon hereafter our year-in-review report.\n\nThe **[Q4-2022 ThreatStats\u2122 Report infographic](<https://hubspot.wallarm.com/hubfs/Q4%20API%20ThreatStats\$TM\$%20infographic.pdf>)** is entitled \u201cMind the API Time-to-Exploit Gap\u201d because we found a startling negative change in the time between an API CVE being published (which is when most of us find out about a vulnerability) and an associated exploit POC (proof of concept) being published. In addition, we saw that Injection vulnerabilities ([API8:2019](<https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa8-injection.md>)) overshadow the rest of the [OWASP API Security Top-10 risk categories](<https://owasp.org/www-project-api-security/>), and that vulnerabilities in Open Source Software (OSS) dominate the CVEs analyzed.\n\nJust as last quarter, there\u2019s a lot more to these data than is apparent on the surface. So, let\u2019s dig into each of the key findings, and then explore the most impactful API CVEs we saw in Q4-2022.\n\n**Overview**\n\nBut first, let\u2019s look at all the API vulnerabilities analyzed in Q4-2022. As in Q3, we see minimal changes in the data pool from the previous quarter:\n\n * No. of Vulnerabilities \u2013 up to 213 in Q4, from 203 in Q3 (+5% increase)\n * No. of Vendors \u2013 down to 122 in Q4, from 129 in Q3 (-5% decrease)\n * Pct. of Critical & High rated vulnerabilities \u2013 again holding steady at 57% of total\n\n**Exploits**\n\nThe time-to-exploit has now gone negative: the data show that on average exploit POCs are published about **three (3) days before** the CVE is issued. This compares to an average of **four (4) days after** in Q3 and **58 days after** in Q2. [We did not collect this data in Q1.]\n\n![](https://i0.wp.com/lab.wallarm.com/wp-content/uploads/2023/02/image.png?resize=719%2C408&ssl=1)\n\nEqually interesting is the total time span \u2013 from 557 days before the CVE is published to 322 days after, which is both a huge jump from previous quarters and probably (we hope) not the norm going forward. Regardless, take together these stats suggest your time to react to a published API vulnerability needs to be at Olympic levels. Clearly, proactive real-time protection is required.\n\n**Injection Vulnerabilities**\n\nAgain we see this class of vulnerabilities ([API8:2019](<https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa8-injection.md>)) dominate the API threat landscape in Q4-2022. These jumped to about 45% all vulnerabilities in Q4 \u2013 the highest levels seen in 2022 \u2013 from about 34% of in Q3.\n\n![](https://i0.wp.com/lab.wallarm.com/wp-content/uploads/2023/02/image-2.png?resize=770%2C362&ssl=1)\n\nAnd digging deeper, we again see that this category is made up of many variants \u2013 19 different injection types are covered in the Q4-2022 data, which maps to 18 different CWEs. [Note that some numerical discrepancies exist because the CWE assessment on late breaking CVEs was not complete at the time our data snapshot was taken.]\n\n![Table showing distribution of injection vulnerability types ](https://i0.wp.com/lab.wallarm.com/wp-content/uploads/2023/02/Screenshot-2023-02-22-at-06.52.55.png?resize=679%2C289&ssl=1)\n\nHence, we suggest that your API vulnerability management (VM) program needs to focus on injections \u2013 not only because of the sheer number of injection vulnerabilities being found, and all the variants, but also because it seems we\u2019re seeing a trend develop.\n\n**Open-Source Vulnerabilities**\n\nOne area of interest all year has been whether open-source APIs are more secure because of the \u201cmany eyes\u201d notion (aka [Linus\u2019s Law](<https://en.wikipedia.org/wiki/Linus%27s_law>)). The Q4-2022 data suggest that, at best, we\u2019re in the discovery phase: the number of open-source API vulnerabilities has now reached 67% of all reported vulnerabilities analyzed, a continuation of a trend we\u2019ve seen over the entire year.\n\n![Breakdown of Q4-2022 API CVEs by type \$open-source vs. commercial products\$ and category \$enterprise HW / SW, SaaS / web services, dev tools, and cloud platforms\$](https://i0.wp.com/lab.wallarm.com/wp-content/uploads/2023/02/Frame-5335.png?resize=549%2C408&ssl=1)\n\nTwo other OSS-related findings come out as we torture the data a bit more:\n\n * In Q4 we see a convergence in the Dev Tools and Enterprise HW / SW categories, at about 46% each, as opposed to the 52% / 37% split we saw in Q3. The remainder are in the SaaS / Web Services and Cloud Platforms categories.\n * In Q4 we see that 69% of all exploit POCs released focused on OSS products, versus 80% in Q3 (albeit from a much smaller basis).\n\n**Most Impactful API Vulnerabilities**\n\nThere are many ways to assess and triage API vulnerabilities for remediation \u2013 by CVSS score, by type, by CWE, _et cetera_. But, as we have in all our past reports, we recommend you consider bringing these top API vulnerabilities to the fore, based on severity, ubiquity and potential impact.\n\n**Vendor / Product**| **CVE**| **CVSS**| **CWE** \n---|---|---|--- \nGitLab CE/EE API| [CVE-2022-2992](<https://nvd.nist.gov/vuln/detail/CVE-2022-2992>)| 9.9| CWE-77 \nFortinet FortiOS, FortiProxy, ForetiSwitchManager| [CVE-2022-40684](<https://nvd.nist.gov/vuln/detail/CVE-2022-40684>)| 9.8| CWE-306 \nApache Commons Text| [CVE-2022-42889](<https://nvd.nist.gov/vuln/detail/cve-2022-42889>)| 9.8| CWE-94 \nHasura GraphQL Engine| [CVE-2022-46792](<https://nvd.nist.gov/vuln/detail/CVE-2022-46792>)| 8.8| CWE-732 \nStarWind Command Center| [CVE-2022-23858](<https://nvd.nist.gov/vuln/detail/CVE-2022-23858>)| 8.8| n/a \npgAdmin server| [CVE-2022-4223](<https://nvd.nist.gov/vuln/detail/CVE-2022-4223>)| 8.8| CWE-94 \nGrafana| [CVE-2022-31130](<https://nvd.nist.gov/vuln/detail/CVE-2022-31130>)| 7.5| CWE-522 \nMetabase| [CVE-2022-43776](<https://nvd.nist.gov/vuln/detail/CVE-2022-43776>)| 6.5| CWE-918 \nGitLab CE/EE API| [CVE-2022-3018](<https://nvd.nist.gov/vuln/detail/CVE-2022-3018>)| 4.9| CWE-668 \nGitLab CE/EE API| [CVE-2022-3325](<https://nvd.nist.gov/vuln/detail/CVE-2022-3325>)| 4.3| CWE-732 \n \nFor more details on these Q4 API vulnerabilities deemed most impactful, see the [infographic](<https://hubspot.wallarm.com/hubfs/Q4%20API%20ThreatStats\$TM\$%20infographic.pdf>).\n\n**Infographic**\n\nFor more highlights from our latest vulnerability analysis, take a look at the **[Q4-2022 API ThreatStats\u2122 Report infographic](<https://hubspot.wallarm.com/hubfs/Q4%20API%20ThreatStats\$TM\$%20infographic.pdf>)**. We hope you find it interesting and useful, and that it helps you improve your API vulnerability management and security posture.\n\n**2022 Year-End Analysis**\n\nFor a preview of our 2022 Year-End API ThreatStats\u2122 Report, we invite you to register for the [on-demand webinar](<https://www.wallarm.com/webinars/api-threatstats-2022-and-q4>) in which Ivan Novikov, CEO & co-founder of Wallarm and noted security researcher, takes a look at what we learned over the course of the year and what our data-driven recommendations for 2023 are.\n\n[![](https://i0.wp.com/lab.wallarm.com/wp-content/uploads/2023/02/text-2.png?resize=321%2C50&ssl=1)](<https://www.wallarm.com/webinars/api-threatstats-2022-and-q4>)\n\nThe post [<strong>Q4-2022 API ThreatStats\u2122 Report</strong>](<https://lab.wallarm.com/q4-2022-api-threatstats-report/>) appeared first on [Wallarm](<https://lab.wallarm.com>).", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-02-22T16:02:55", "type": "wallarmlab", "title": "Q4-2022 API ThreatStats\u2122 Report", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23858", "CVE-2022-2992", "CVE-2022-3018", "CVE-2022-31130", "CVE-2022-3325", "CVE-2022-40684", "CVE-2022-4223", "CVE-2022-42889", "CVE-2022-43776", "CVE-2022-46792"], "modified": "2023-02-22T16:02:55", "id": "WALLARMLAB:8383499ED724C06A048699BABC906127", "href": "https://lab.wallarm.com/q4-2022-api-threatstats-report/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-12-06T18:33:30", "description": "## Summary\n\nThere is a potential vulnerability in Apache Commons Text that could allow remote attacker to execute arbitrary code. This has been fixed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLog Analysis| 1.3.7.0 \nLog Analysis| 1.3.7.1 \nLog Analysis| 1.3.7.2 \n \n\n\n## Remediation/Fixes\n\nVersion| Fix details \n---|--- \nIBM Operations Analytics - Log Analysis version 1.3.7.0, 1.3.7.1, 1.3.7.2| Upgrade to Log Analysis version 1.3.7.2 Interim Fix 1. Download the [1.3.7.2-TIV-IOALA-IF001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Log+Analysis&release=1.3.7&platform=All&function=all> \"1.3.7.2-TIV-IOALA-IF001\" ). For Log Analysis prior to 1.3.7.2, [upgrade](<https://www.ibm.com/support/pages/node/1135125> \"upgrade\" ) to [1.3.7-TIV-IOALA-FP2](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Log+Analysis&release=1.3.7&platform=All&function=all> \"1.3.7-TIV-IOALA-FP2\" ) before installing this fix. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T05:48:17", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons Text used by Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2022-42889)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-22T05:48:17", "id": "82230211773759901439D35AF05865DE2C30B55D541BFF911666C65FCBAFF9C7", "href": "https://www.ibm.com/support/pages/node/6840915", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:29:21", "description": "## Summary\n\nApache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. [CVE-2022-42889] The vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s) \n** \n---|--- \nIBM Content Navigator| 3.0.11 \nIBM Content Navigator| 3.0.12 \n \nNote that this table shows only supported versions of the application as of the date of this bulletin.\n\n## Remediation/Fixes\n\nIBM strongly suggests the following:\n\n**Affected Product(s)**\n\n| **Version(s)**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Content Navigator| 3.0.13| Download [3.0.13](<https://www.ibm.com/support/pages/node/6837661> \"3.0.13\" ) and follow [instructions](<https://www.ibm.com/support/pages/node/6837661> \"instructions\" ) \nIBM Content Navigator| 3.0.12 IF004| Download [3.0.12 IF004](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Other+software/Content+Navigator&release=3.0.12&platform=All&function=fixId&fixids=3.0.12-ICNSP-IF004-WIN,3.0.12-NMO-IF004-WIN,3.0.12.0-ICN-IF004-WIN,3.0.12.0-ICN-IF004-AIX,3.0.12.0-ICN-IF004-Linux,3.0.12.0-ICN-IF004-zLinux&includeSupersedes=0> \"3.0.12 IF004\" ) and follow [instructions](<https://download4.boulder.ibm.com/sar/CMA/OSA/0b0uu/0/icn_3.0.12.0_ifix004_readme.htm> \"instructions\" ) \nIBM Content Navigator| 3.0.11 IF007| Download [3.0.11 IF007](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Other+software/Content+Navigator&release=3.0.11&platform=All&function=fixId&fixids=3.0.11.0-ICN-IF007-AIX,3.0.11.0-ICN-IF007-WIN,3.0.11.0-ICN-IF007-Linux,3.0.11.0-ICN-IF007-zLinux,3.0.11-NMO-IF007-WIN,3.0.11-ICNSP-IF007-WIN&includeSupersedes=0> \"3.0.11 IF007\" ) and follow [instructions](<https://download4.boulder.ibm.com/sar/CMA/OSA/0awsp/0/icn_3.0.11.0_ifix007_readme.htm> \"instructions\" ) \n \n## Workarounds and Mitigations\n\nIBM Content Navigator customers who do not use IBM Content Manager onDemand are neither affected nor vulnerable to this security vulnerability.\n\nIBM Content Navigator customers who do use IBM Content Manager onDemand should disable full-text search\n\nDisabling full-text search will avoid calling the vulnerable method.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-04T23:29:02", "type": "ibm", "title": "Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-01-04T23:29:02", "id": "A331C0945CDBE1AC5E6D6A21635B7D8AAED2D3A49D039FF6AAED7021332996D5", "href": "https://www.ibm.com/support/pages/node/6852673", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:26:50", "description": "## Summary\n\nApache Commons Text is used by IBM Spectrum Conductor in Spark 3.0.1. This bulletin provides interim fixes which include Apache Commons Text 1.10.0 to fix arbitrary code execution in IBM Spectrum Conductor. [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**_Affected Product(s)_**| _**Version(s)**_ \n---|--- \nIBM Spectrum Conductor| 2.4.1 \nIBM Spectrum Conductor| 2.5.0 \nIBM Spectrum Conductor| 2.5.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests the following remediation / fix: \n\n_**Products**_| _**VRMF**_| _**APAR**_| **_Remediation/First Fix_** \n---|---|---|--- \n \nIBM Spectrum Conductor\n\n| 2.4.1| P104785| [sc-2.4.1-build601386](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.4.1-build601386&includeSupersedes=0> \"sc-2.4.1-build601386\" ) \nIBM Spectrum Conductor| 2.5.0| P104786| [sc-2.5-build601387](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.5-build601387&includeSupersedes=0> \"sc-2.5-build601387\" ) \nIBM Spectrum Conductor| 2.5.1| \n\nP104789``\n\n| [sc-2.5.1-build601390](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.5.1-build601390&includeSupersedes=0> \"sc-2.5.1-build601390\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-19T11:52:46", "type": "ibm", "title": "Security Bulletin: IBM Spectrum Conductor is vulnerable to arbitrary code execution [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-01-19T11:52:46", "id": "BFA4C81B5055BBA91E61D5C46CCD068FAC42B3D6AFF17FD091C379441B560C36", "href": "https://www.ibm.com/support/pages/node/6856391", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:08:39", "description": "## Summary\n\nA remote code execution vulnerability in Apache Commons Text used by IBM InfoSphere Information Server was addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7 \n \n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [DT173293](<https://www.ibm.com/mysupport/aCI3p000000Xkuj> \"DT173293\" )| \n\n\\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply InfoSphere Information Server version [11.7.1.4](<https://www.ibm.com/support/pages/node/6620275> \"11.7.1.4\" ) \n \n\\--Apply Information Server [Microservices tier Platform security patch](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FIBM+InfoSphere+Information+Server&fixids=is11714rollup1_v1_microservices> \"security patch for Microservices tier\" ) \n\\--For Apache Commons Text instance used in Solr, apply Information Server [11.7.1.4 Service pack 1](<https://www.ibm.com/support/pages/node/6989459>) \n \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-17T02:29:34", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability in Apache Commons Text (CVE-2022-42889)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-05-17T02:29:34", "id": "654B944646D89465AA4BA0B13D74A7AFBB0C148D1DA92BC7B3B4F7D65FE40225", "href": "https://www.ibm.com/support/pages/node/6841279", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:32:56", "description": "## Summary\n\nApache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Text and the issue has been addressed. [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Control Center| 6.2.1.0 GA through iFix08 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests the following remediation / fix: \n\nProduct\n\n| \n\nVersion\n\n| \n\nRemediation \n \n---|---|--- \n \nIBM Sterling Control Center\n\n| \n\n6.2.1.0 GA through iFix08\n\n| \n\n6.2.1.0 iFix09 [Fix Central - 6.2.1.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.1.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-30T14:32:45", "type": "ibm", "title": "Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Text [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-30T14:32:45", "id": "F6088BD6568A127FF599809D58FBD062FEE6F5AC7C5BBEB44B9618DF2B1B65EA", "href": "https://www.ibm.com/support/pages/node/6842547", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:33:29", "description": "## Summary\n\nThere is a vulnerability in Apache Commons Text used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE [CVE-2022-42889].\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Connect:Direct File Agent| 1.4.0.0 - 1.4.0.2_iFix028 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **APAR**| **Remediation / Fix** \n---|---|---|--- \nIBM Sterling Connect:Direct File Agent| 1.4.0.0 - 1.4.0.2_iFix028| [IT42065](<https://www.ibm.com/support/pages/apar/IT42065> \"IT42065\" )| Apply [1.4.0.2_iFix029](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+File+Agent&release=1.4.0.2&platform=All&function=aparId&apars=IT42065> \"1.4.0.2_iFix029\" ), available on IBM Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T07:55:18", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Text (CVE-2022-42889)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-22T07:55:18", "id": "A94E068C24C78B4A5B7961358AECEA5B087FDEC7BD8E653A9BF42BA988AF25EA", "href": "https://www.ibm.com/support/pages/node/6840951", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:32:56", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Text. [CVE-2022-42889] This has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.5.3 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now. \n\nUpgrade to IBM Watson Discovery 4.6.0\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-30T10:26:27", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Text [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-30T10:26:27", "id": "8DF16E055D5F017E67FEE78F3FE1D3465041DD9EFC6DCA7931C2BB196F4A7FC6", "href": "https://www.ibm.com/support/pages/node/6840941", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:26:36", "description": "## Summary\n\nIBM Sterling Partner Engagement Manager has addressed a Publicly disclosed vulnerability that are published by Apache Commons - Collections v3.2.1 [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Partner Engagement Manager| 6.1.2, 6.2.0, 6.2.1 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests the following remediation / fixes: \n\n**Product**| **Version**| **Remediation** \n---|---|--- \nIBM Sterling Partner Engagement Manager Essentials Edition| 6.1.2.7| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.1.2.7&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.1.2.7&source=SAR>) \nIBM Sterling Partner Engagement Manager Standard Edition| 6.1.2.7| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.1.2.7&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.1.2.7&source=SAR>) \nIBM Sterling Partner Engagement Manager Essentials Edition| 6.2.0.5| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.2.0.5&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.2.0.5&source=SAR>) \nIBM Sterling Partner Engagement Manager Standard Edition| 6.2.0.5| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.2.0.5&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.2.0.5&source=SAR>) \nIBM Sterling Partner Engagement Manager Essentials Edition| 6.2.1.2| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.2.1.2&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.2.1.2&source=SAR>) \nIBM Sterling Partner Engagement Manager Standard Edition| 6.2.1.2| [https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.2.1.2&source=SAR](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.2.1.2&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-24T07:54:04", "type": "ibm", "title": "Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to remote code execution due to Apache Commons Text [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-01-24T07:54:04", "id": "BB9DB44BB01E7993D7CD15BC25628599D706DF5EBDF4A344890D9E1A74F90F9B", "href": "https://www.ibm.com/support/pages/node/6857237", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:33:26", "description": "## Summary\n\nApache Commons Text as used by IBM Cloud Pak for Security is vulnerable to arbitrary code execution. IBM has addressed the relevant CVE. [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Pak for Security (CP4S)| 1.10.0.0 \u2013 1.10.4.0 \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nPlease upgrade to at least CP4S 1.10.5.0 following these instructions: <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10?topic=installing-upgrading-cloud-pak-security>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T15:22:26", "type": "ibm", "title": "Security Bulletin: Apache Commons Text as used by IBM Cloud Pak for Security is vulnerable to code execution [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-22T15:22:26", "id": "CFE4D6ABBC0381B7DDEFF8F8C420DA397822BD8B3C3A033362B2C2EA2940A58E", "href": "https://www.ibm.com/support/pages/node/6841013", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:33:29", "description": "## Summary\n\nThere is a vulnerability in Apache Commons Text used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE [CVE-2022-42889].\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 4.8.0.0 - 4.8.0.3_iFix049 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.0.0.0 - 6.0.0.4_iFix057 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.1.0.0 - 6.1.0.2_iFix051 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix016 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\n**Product(s)** | **Version(s)**| **APAR**| **Remediation / Fix** \n---|---|---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 4.8.0.0 - 4.8.0.3_iFix049| [IT42066](<https://www.ibm.com/support/pages/apar/IT42066> \"IT42066\" )| Apply [4.8.0.3_iFix050](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=4.8.0.3&platform=All&function=aparId&apars=IT42066> \"4.8.0.3_iFix050\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.0.0.0 - 6.0.0.4_iFix057| [IT42066](<https://www.ibm.com/support/pages/apar/IT42066> \"IT42066\" )| Apply [6.0.0.4_iFix058](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.0.0.4&platform=All&function=aparId&apars=IT42066> \"6.0.0.4_iFix058\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.1.0.0 - 6.1.0.2_iFix051| [IT42066](<https://www.ibm.com/support/pages/apar/IT42066> \"IT42066\" )| Apply [6.1.0.2_iFix052](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.1.0.2&platform=All&function=aparId&apars=IT42066> \"6.1.0.2_iFix052\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix016| [IT42066](<https://www.ibm.com/support/pages/apar/IT42066> \"IT42066\" )| Apply [6.2.0.4_iFix017](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.2.0.4&platform=All&function=aparId&apars=IT42066> \"6.2.0.4_iFix017\" ), available on Fix Central \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T07:56:05", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote code execution due to Apache Commons Text (CVE-2022-42889)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-22T07:56:05", "id": "32389A6BDE175BCDB73F1428D3481487894E1BD82D99F1AD2A2247843AF22DA1", "href": "https://www.ibm.com/support/pages/node/6840953", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:33:12", "description": "## Summary\n\nIBM Sterling Connect:Direct for UNIX components Install Agent and File Agent are vulnerable to remote code execution due to Apache Commons Text [CVE-2022-42889]. Apache Commons Text has been upgraded to version 1.10.0 in IBM Sterling Connect:Direct for UNIX Install Agent and File Agent.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0.0 - 6.2.0.5.iFix003 \nIBM Sterling Connect:Direct for UNIX| 6.1.0.0 - 6.1.0.4.iFix068 \nIBM Sterling Connect:Direct for UNIX| 6.0.0.0 - 6.0.0.2.iFix138 \nIBM Sterling Connect:Direct for UNIX| 4.3.0.0 - 4.3.0.1.iFix102 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading\n\n**Product**| **Version**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0| Apply 6.2.0.5.iFix004, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.2.0.5&platform=All&function=fixId&fixids=6.2.0.5*iFix004*&includeSupersedes=0>). \nIBM Sterling Connect:Direct for UNIX| 6.1.0| Apply 6.1.0.4.iFix069, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.4*iFix069*&includeSupersedes=0> \"Fix Central\" ). \nIBM Sterling Connect:Direct for UNIX| 6.0.0| Apply 6.0.0.2.iFix139, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.0.0.2&platform=All&function=fixId&fixids=6.0.0.2*iFix139*&includeSupersedes=0> \"Fix Central\" ). \nIBM Sterling Connect:Direct for UNIX| 4.3.0| Apply 4.3.0.1.iFix103, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=4.3.0.1&platform=All&function=fixId&fixids=4.3.0.1*iFix103*&includeSupersedes=0> \"Fix Central\" ). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-28T16:28:57", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to remote code execution due to Apache Commons Text [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-28T16:28:57", "id": "6A665BFE089E6915405804A36BDD124C8C3A870E3C583D6B77300AC4A3A92AE5", "href": "https://www.ibm.com/support/pages/node/6841815", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:24:23", "description": "## Summary\n\nThere is a vulnerability in Apache Commons Text that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.13.1 \n \n\n\n## Remediation/Fixes\n\n**Remediation/Fixes guidance**: \n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.13.1| \n\n**Upgrade to version 1.13.2** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"\" ) \n \n2\\. Search for \n**M09PSML** Process Mining 1.13.2 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M09PTML** \nProcess Mining 1.13.2 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-09T10:06:06", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons Text affects IBM Process Mining . CVE-2022-42889", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-02-09T10:06:06", "id": "25A0DBED89B78DF50B61BAB3CD17473BA97E800A36C56603EFB62BD7C5BF5649", "href": "https://www.ibm.com/support/pages/node/6954409", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:23:51", "description": "## Summary\n\nDb2 Web Query is vulnerable to arbitrary code execution due to Apache Commons Text [CVE-2022-42889]. Apache Commons Text is used by IBM Db2 Web Query for i for string functionality. The fix includes Apache Commons Text 1.10.0. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Db2 Web Query for i| 2.3.0 \nIBM Db2 Web Query for i| 2.4.0 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nRelease 2.3.0 and 2.4.0 are supported and can be fixed by applying Program Temporary Fixes (PTFs) to the IBM i.\n\nThe PTF numbers containing the fix for this vulnerability are in the following table.\n\n**Affected Product \n**\n\n| \n\n**Version \n**\n\n| \n\n**5733WQX PTFs to Apply for Remediation** \n \n---|---|--- \n \nDb2 Web Query for i\n\n| \n\n2.3.0\n\n| \n\n[SI82437](<https://www.ibm.com/support/pages/ptf/SI82437> \"SI82437\" ) \n[SI82438](<https://www.ibm.com/support/pages/ptf/SI82438> \"SI82438\" ) \n[SI82440](<https://www.ibm.com/support/pages/ptf/SI82440> \"SI82440\" ) \n[SI82324](<https://www.ibm.com/support/pages/ptf/SI82324> \"SI82324\" ) \n \nDb2 Web Query for i\n\n| \n\n2.4.0\n\n| \n\n[SI82206](<https://www.ibm.com/support/pages/ptf/SI82206> \"SI82206\" ) \n[SI82208 ](<https://www.ibm.com/support/pages/ptf/SI82208> \"SI82208\" ) \n[SI82209](<https://www.ibm.com/support/pages/ptf/SI82209> \"SI82209\" ) \n[SI82146](<https://www.ibm.com/support/pages/ptf/SI82146> \"SI82146\" ) \n \n**__Important note:__**_ \nIBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-13T18:25:15", "type": "ibm", "title": "Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to Apache Commons Text [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-02-13T18:25:15", "id": "A597DC3926D1E82617A7803B2822066678589921F14735C4B78024B984B37096", "href": "https://www.ibm.com/support/pages/node/6955251", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:07:11", "description": "## Summary\n\nApache Commons Text vulnerability affects Netcool Operations Insight. Apache Commons Text is used by multiple Netcool Operation Insight Services. The vulnerability has been addressed. [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **OX AppSuite could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Text library. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247569](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool Operations Insight| 1.4.x \nNetcool Operations Insight| 1.5.x \nNetcool Operations Insight| 1.6.x \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests applying the available fix for this issue. \n\nPlease note that this issue does not affect on-premises deployments.\n\nIf you are on a version older that v1.6.8 you will need to upgrade to v1.6.8.\n\nNetcool Operations Insight v1.6.8 can be deployed on-premises, on a supported cloud platform, or on a hybrid cloud and on-premises architecture. \n\nInstallation and upgrade steps are dependant on the chosen Netcool Operations Insight architecture \n\nPlease go to <https://www.ibm.com/docs/en/noi/1.6.8?topic=installing> to follow the installation instructions relevant to your chosen architecture.\n\nPlease go to <https://www.ibm.com/docs/en/noi/1.6.8?topic=upgrade> to follow the upgrade instructions relevant to your chosen architecture.\n\nThe available hot fix can be applied to Netcool Operations Insight v1.6.8 by following the instructions in [https://www.ibm.com/support/pages/node/6997113.](<https://www.ibm.com/support/pages/node/6997113>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-29T17:47:50", "type": "ibm", "title": "Security Bulletin: Apache Commons Text vulnerability affects Netcool Operations Insight [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-05-29T17:47:50", "id": "34976823BA0B126E9EA3F4F3FE374E227B40F4161FEB8970200D502A9E80A2AC", "href": "https://www.ibm.com/support/pages/node/6999133", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:10:01", "description": "## Summary\n\nA remote code execution vulnerability in Apache Commons Text used by IBM Cognos Command Center was addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/238560> for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cognos Command Center| 10.2.4.1 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading.\n\nAffected Product(s)| Version| Fix \n---|---|--- \nIBM Cognos Command Center| 10.2.4.1| [Cognos Command Center 10.2.4 Fix Pack 1 IF17 available for download](<https://www.ibm.com/support/pages/node/6561673>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-04T20:25:47", "type": "ibm", "title": "Security Bulletin: IBM Cognos Command Center is vulnerable to a remote code execution vulnerability in Apache Commons Text (CVE-2022-42889)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-05-04T20:25:47", "id": "580B99132BA6765B368771674D4F7069792D32AE96669CA48218D57B6ACA3D28", "href": "https://www.ibm.com/support/pages/node/6988263", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:51:57", "description": "## Summary\n\nApache Commons Text as used by IBM Jazz Reporting Service is vulnerable to arbitrary code execution. IBM has addressed the relevant CVE. [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) \n** DESCRIPTION: **OX AppSuite could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Text library. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247569](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Jazz Reporting Service| 7.0.2 \nIBM Jazz Reporting Service| 7.0.1 \n \n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central and apply for each affected product as soon as possible. \nReleased a iFix version for Jazz Reporting Service 7.0.2 iFix021: To ensure users could protect themselves from this vulnerability, the upgraded version of Apache Commons Text has been released in this ifix.\n\n**Product**| **Version**| **iFix**| **Remediation / First Fix** \n---|---|---|--- \nIBM Jazz Reporting Service| 7.0.2| iFix021| [Fix Central - 7.0.2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=All&platform=All&function=fixId&fixids=7.0.2-IBM-ELM-iFix021&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Fix Central - 7.0.2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-10-11T06:52:09", "type": "ibm", "title": "Security Bulletin: Apache Commons Text as used by IBM Jazz Reporting Service is vulnerable to code execution [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-10-11T06:52:09", "id": "755F86BC7892C756F027C23A1344269CD4BF6264BC440484EDC82EBBF930B4D2", "href": "https://www.ibm.com/support/pages/node/7050609", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:30:16", "description": "## Summary\n\nSynthetic Playback Agent version 8.1.4 IF17 has addressed the following vulnerability: [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAPM AM| 8.1.4 \nAPM SaaS| 8.1.4 \nAPM on-premises| 8.1.4 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests the following remediation / fix be applied: \n\nProduct Remediation\n\n| \n\nFix \n \n---|--- \n \nAPM AM\n\n| \n\nfixed in latest saas env \n \nAPM SaaS\n\n| \n\nfixed in latest saas env \n \nAPM on-premises\n\n| \n\nSynthetic Playback Agent 8.1.4 IF17\n\nDownload link: [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-SYNTHETIC-PLAYBACK-AGENT-IF0017&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-SYNTHETIC-PLAYBACK-AGENT-IF0017&source=SAR>)\n\nReadme: <https://www.ibm.com/support/pages/node/6847849> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-29T06:26:03", "type": "ibm", "title": "Security Bulletin: IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-12-29T06:26:03", "id": "424F55ED1408595A5BFAE38C420E57106590690CA00FE7636EFDF907823DBE1F", "href": "https://www.ibm.com/support/pages/node/6852105", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:34:58", "description": "## Summary\n\nApache Commons Text is used by IBM SPSS Modeler as part of the spark function. This vulnerability is addressed. [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**IBM SPSS Modeler**| **Version(s) \n** \n---|--- \nIBM SPSS Modeler Client| 18.3 \nIBM SPSS Modeler Server \nIBM SPSS Modeler Solution Publisher \nIBM SPSS Modeler Collaboration and Deployment Services Adapter \nIBM SPSS Modeler Client| 18.4 \nIBM SPSS Modeler Server \nIBM SPSS Modeler Solution Publisher \nIBM SPSS Modeler Collaboration and Deployment Services Adapter \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s) \n**| **Fix Download link \n** \n---|---|--- \nIBM SPSS Modeler| 18.3| [18.3.0.0-IM-S18MODELER-IF018](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Modeler&fixids=18.3.0.0-IM-S18MODELER-IF018&source=SAR> \"18.3.0.0-IM-S18MODELER-IF018\" ) \nIBM SPSS Modeler| 18.4| [18.4.0.0-IM-S18MODELER-IF006](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Modeler&fixids=18.4.0.0-IM-S18MODELER-IF006&source=SAR> \"18.4.0.0-IM-S18MODELER-IF006\" ) \n \n## Workarounds and Mitigations\n\nN/A\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-02T02:15:39", "type": "ibm", "title": "Security Bulletin: IBM SPSS Modeler is vulnerable to Apache Commons Text [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-02T02:15:39", "id": "3DAE2966402FC9EF3964BB1CBD0423B6B41F82063D88DBEC5553181EC28439BA", "href": "https://www.ibm.com/support/pages/node/6833874", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:33:13", "description": "## Summary\n\nThe zos toolkit installed with agents on zOS includes Apache Commons Text which could allow an attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nUCD - IBM UrbanCode Deploy| 7.1.0.0 - 7.1.2.8 \nUCD - IBM UrbanCode Deploy| 7.2.0.0 - 7.2.3.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests the following: \n\nUpgrade to any of [7.1.2.9](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&fixids=7.1.2.9-IBM-UrbanCode-Deploy&downloadMethod=http> \"7.1.2.9\" ), [7.2.3.2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&fixids=7.2.3.2-IBM-UrbanCode-Deploy&downloadMethod=http> \"7.2.3.2\" ), or [7.3.0.0](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&fixids=7.3.0.0-IBM-UrbanCode-Deploy&downloadMethod=http> \"7.3.0.0\" ) or later\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-28T14:07:14", "type": "ibm", "title": "Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-28T14:07:14", "id": "44A69EA11567E0750ACF5FD0E4D72E54C8638AD050A117AAC04B72C28EBAB210", "href": "https://www.ibm.com/support/pages/node/6841791", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:33:24", "description": "## Summary\n\nApache Commons Text as used by IBM QRadar SIEM is vulnerable to arbitrary code execution. IBM has addressed the relevant CVE. [CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM QRadar SIEM| 7.4.0 - 7.4.3 Fix Pack 7 \nIBM QRadar SIEM| 7.5.0 - 7.5.0 Update Pack 3 Interim Fix 2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests customers update their systems promptly. \n\nAffected Product(s)| Versions| Fix \n---|---|--- \nIBM QRadar SIEM| 7.4| [7.4.3 Fix Pack 7 Interim Fix 1](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20221101201807INT&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.4.3 Fix Pack 7 Interim Fix 1\" ) \nIBM QRadar SIEM| 7.5| [7.5.0 Update Pack 3 Interim Fix 3](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.5.0&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20221025192938INT&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.5.0 Update Pack 3 Interim Fix 3\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T15:43:23", "type": "ibm", "title": "Security Bulletin: Apache Commons Text as used by IBM QRadar SIEM is vulnerable to code execution [CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-22T15:43:23", "id": "FEEE7E44848395185302072C2C3A802B7BC1586175DAEA0309080F01A6101BF4", "href": "https://www.ibm.com/support/pages/node/6841021", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:14:41", "description": "## Summary\n\nIBM Security Guardium has fixed these vulnerabilities by updating the affected components.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-31684](<https://vulners.com/cve/CVE-2022-31684>) \n** DESCRIPTION: **Tanzu VMware Reactor Netty could allow a remote authenticated attacker to obtain sensitive information, caused by the log of request headers in some cases of invalid HTTP requests. By gaining access to the log file, an attacker could exploit this vulnerability to obtain valid access tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240579>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-41853](<https://vulners.com/cve/CVE-2022-41853>) \n** DESCRIPTION: **HSQLDB could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of user-supplied input by the java.sql.Statement or java.sql.PreparedStatement components. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237983](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237983>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Guardium| 11.3 \nIBM Security Guardium| 11.4 \nIBM Security Guardium| 11.5 \n \n## Remediation/Fixes\n\n**IBM encourages customers to update their systems promptly.**\n\n** Product**| **Versions**| ** Fix** \n---|---|--- \nIBM Security Guardium| 11.3| \n\n| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p380_Bundle_Feb-17-2023&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p380_Bundle_Feb-17-2023&includeSupersedes=0&source=fc>) \n--- \n \nIBM Security Guardium| 11.4| \n\n| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p470_Bundle_Mar-22-2023&includeSupersedes=0&source=fc ](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p470_Bundle_Mar-22-2023&includeSupersedes=0&source=fc>) \n--- \n \nIBM Security Guardium| 11.5| \n\n| | [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p520_Bundle_Feb-20-2023&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p520_Bundle_Feb-20-2023&includeSupersedes=0&source=fc>) \n--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-04T16:27:55", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by remote code execution and sensitive information vulnerabilities (CVE-2022-31684, CVE-2022-41853)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31684", "CVE-2022-41853"], "modified": "2023-04-04T16:27:55", "id": "850C6C3C2C42EBAE446DDBB4AF0C72F8C5CDD84EAB6B13A3488C5210D28D653F", "href": "https://www.ibm.com/support/pages/node/6960211", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:25:36", "description": "## Summary\n\nIBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons [CVE-2022-42889 and CVE-2022-33980]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| 2.0 - 2.3 Fix Pack 5 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests upgrading to IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 6 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-01T11:04:10", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Apache Commons [CVE-2022-42889 and CVE-2022-33980]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980", "CVE-2022-42889"], "modified": "2023-02-01T11:04:10", "id": "D217E46A21D57F6E2A2BF7B705F5AB42A912E70179C85B686B09E652D0CFD1B3", "href": "https://www.ibm.com/support/pages/node/6909421", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:33:12", "description": "## Summary\n\nApache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]. Apache Commons Text and Apache Commons Configuration is used by IBM Operations Analytics Predictive Insight REST Mediation Service, part of data ingestion. The vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| 1.3.3 \nIBM Operations Analytics Predictive Insights| 1.3.5 \nIBM Operations Analytics Predictive Insights| 1.3.6 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests applying 1.3.6 Interim Fix 6: \n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6> \"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-28T08:55:59", "type": "ibm", "title": "Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33980", "CVE-2022-42889"], "modified": "2022-11-28T08:55:59", "id": "FE3ECC02D6131D037DB72CD71278183A707DC57C21C726BB8037F95488CB8384", "href": "https://www.ibm.com/support/pages/node/6841785", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:19:35", "description": "## Summary\n\nIBM Security Guardium has addressed these vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-39166](<https://vulners.com/cve/CVE-2022-39166>) \n** DESCRIPTION: **IBM Security Guardium could allow a privileged user to obtain sensitive information inside of an HTTP response. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235405](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235405>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-34917](<https://vulners.com/cve/CVE-2022-34917>) \n** DESCRIPTION: **Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to allocate large amounts of memory on brokers, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Guardium| 11.3 \nIBM Security Guardium| 11.4 \nIBM Security Guardium| 11.5 \n \n## Remediation/Fixes\n\nIBM strongly encourages customers to update their systems promptly.\n\n** Product**| **Versions**| ** Fix** \n---|---|--- \nIBM Security Guardium| 11.3| | [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p380_Bundle_Feb-17-2023&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p380_Bundle_Feb-17-2023&includeSupersedes=0&source=fc>) \n--- \nIBM Security Guardium| 11.4| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p460_Bundle_Nov-17-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p460_Bundle_Nov-17-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.5| \n\n| | [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p520_Bundle_Feb-20-2023&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p520_Bundle_Feb-20-2023&includeSupersedes=0&source=fc>) \n--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-07T16:39:26", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34917", "CVE-2022-39166", "CVE-2022-42889"], "modified": "2023-03-07T16:39:26", "id": "34608F2658210EEB0B8116A6B4A4EC6E543E2ADF1A78C2DA380966C05B70FD9E", "href": "https://www.ibm.com/support/pages/node/6848317", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:35:18", "description": "## Summary\n\nThis fix upgrades to Websphere Liberty 22.0.0.10, NodeJs 14.20.1, Jackson 2.14.0-rc1, Protobuf 3.16.3, Apache commons-text 1.10.0 \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-35256](<https://vulners.com/cve/CVE-2022-35256>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-35255](<https://vulners.com/cve/CVE-2022-35255>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by the failure to check the return value after calls are made to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236965](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236965>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-3171](<https://vulners.com/cve/CVE-2022-3171>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-34165](<https://vulners.com/cve/CVE-2022-34165>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** IBM X-Force ID: **237717 \n** DESCRIPTION: **Node.js vuetify module is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the VSelect component. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/237717 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237717>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nICP - IBM Answer Retrieval for Watson Discovery| All \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Answer Retrieval for Watson Discovery| < 2.9.0| Download and install [v2.9.0](<http://download4.boulder.ibm.com/sar/CMA/OSA/0avq0/0/Answer_Retrieval_WD_2.9.0_EN.gz> \"v2.9.0\" ) \nFollow instructions in the downloaded package. \n \n## Workarounds and Mitigations\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Answer Retrieval for Watson Discovery| < 2.9.0| Download and install [v2.9.0](<http://download4.boulder.ibm.com/sar/CMA/OSA/0avq0/0/Answer_Retrieval_WD_2.9.0_EN.gz> \"v2.9.0\" ) \nFollow instructions in the downloaded package. \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-27T15:18:21", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.8 and earlier", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3171", "CVE-2022-34165", "CVE-2022-35255", "CVE-2022-35256", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889"], "modified": "2022-10-27T15:18:21", "id": "A103950266161AA2446D19710AACADE03B4ED20EDD774E62718375E1DC606996", "href": "https://www.ibm.com/support/pages/node/6830297", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:30:48", "description": "## Summary\n\nMultiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-41880](<https://vulners.com/cve/CVE-2022-41880>) \n** DESCRIPTION: **TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw when receiving a value in true_classes larger than range_max in the BaseCandidateSamplerOp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240379](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240379>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2022-41900](<https://vulners.com/cve/CVE-2022-41900>) \n** DESCRIPTION: **TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds write flaw in the FractionalMaxPool and FractionalAvgPool functions. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240397](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240397>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-37616](<https://vulners.com/cve/CVE-2022-37616>) \n** DESCRIPTION: **xmldom could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the dom.js script. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238439](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238439>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-39353](<https://vulners.com/cve/CVE-2022-39353>) \n** DESCRIPTION: **Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by the use of multiple top level elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access. \nCVSS Base score: 9.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239426](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239426>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H) \n \n** CVEID: **[CVE-2021-37404](<https://vulners.com/cve/CVE-2021-37404>) \n** DESCRIPTION: **Apache Hadoop is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the libhdfs native code. By opening a specially-crafted file path, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-25168](<https://vulners.com/cve/CVE-2022-25168>) \n** DESCRIPTION: **Apache Hadoop could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper input file name validation by the FileUtil.unTar(File, File) API. By sending specially-crafted arguments, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-36067](<https://vulners.com/cve/CVE-2022-36067>) \n** DESCRIPTION: **Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox protections bypass flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235472](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235472>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Watson AIOps| 3.1 \nIBM Cloud Pak for Watson AIOps| 3.2 \nIBM Cloud Pak for Watson AIOps| 3.3 \nIBM Cloud Pak for Watson AIOps| 3.4 \nIBM Cloud Pak for Watson AIOps| 3.5 \n \n\n\n## Remediation/Fixes\n\nIBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing Fix:\n\n<https://www.ibm.com/docs/en/SSJGDOB_3.6.0/upgrading/upgrading.html>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-12-15T03:09:07", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37404", "CVE-2022-25168", "CVE-2022-36067", "CVE-2022-37616", "CVE-2022-39353", "CVE-2022-41880", "CVE-2022-41900", "CVE-2022-42889"], "modified": "2022-12-15T03:09:07", "id": "F9D06594A00624E53C29A51D70903B1B9259203EE3DF4AB0E886987AC14CFC1A", "href": "https://www.ibm.com/support/pages/node/6848195", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T13:59:35", "description": "## Summary\n\nIn addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF022 and 22.0.2-IF006.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-43929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241676>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-43927](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241671>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241671](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241671>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2014-3577](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2022-43930](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241677>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241677](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241677>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-34169](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231489>) \n** DESCRIPTION: **The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when processing malicious XSLT stylesheets. By using specially crafted XSLT stylesheets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-42889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) \n** DESCRIPTION: **OX AppSuite could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Text library. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247569](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21426](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224714>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224714](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224714>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-21830](<https://exchange.xforce.ibmcloud.com/vulnerabilities/245038>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/245038](<https://exchange.xforce.ibmcloud.com/vulnerabilities/245038>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2023-21843](<https://exchange.xforce.ibmcloud.com/vulnerabilities/245037>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Sound component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/245037](<https://exchange.xforce.ibmcloud.com/vulnerabilities/245037>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-1471](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) \n** DESCRIPTION: **SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted yaml content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241118](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s)| Status \n---|---|--- \nIBM Cloud Pak for Business Automation| V22.0.2 - V22.0.2-IF005| affected \nIBM Cloud Pak for Business Automation| V21.0.3 - V21.0.3-IF021| affected \nIBM Cloud Pak for Business Automation| V22.0.1 - V22.0.1-IF006 and later fixes \nV21.0.2 - V21.0.2-IF012 and later fixes \nV21.0.1 - V21.0.1-IF007 and later fixes \nV20.0.1 - V20.0.3 and later fixes \nV19.0.1 - V19.0.3 and later fixes \nV18.0.0 - V18.0.2 and later fixes| affected \n \n## Remediation/Fixes\n\nAny open source library may be included in one or more sub-components of IBM Cloud Pak for Business Automation. Open source updates are not always synchronized across all components. The CVE in this bulletin are specifically addressed by\n\nCVE ID| Addressed in component \n---|--- \nCVE-2022-43929| Db2 in starter pattern \nCVE-2022-43927| Db2 in starter pattern \nCVE-2014-3577| Db2 in starter pattern \nCVE-2022-43930| Db2 in starter pattern \nCVE-2022-34169| Operational Decision Management, Automation Decisions Services \nCVE-2022-42889| Automation Decisions Services \nCVE-2022-21426| Operational Decision Management \nCVE-2023-21830| Operational Decision Management \nCVE-2023-21843| Operational Decision Management \nCVE-2022-1471| Automation Decisions Services \n \nAffected Product(s)| Version(s)| Remediation / Fix \n---|---|--- \nIBM Cloud Pak for Business Automation| V22.0.2 - V22.0.2-IF005| Apply security fix [22.0.2-IF006](<https://www.ibm.com/support/pages/node/7001049> \"22.0.2-IF006\" ) \nIBM Cloud Pak for Business Automation| V21.0.3 - V21.0.3-IF021| Apply security fix [21.0.3-IF022](<https://www.ibm.com/support/pages/node/7001241> \"21.0.3-IF022\" ) or upgrade to [22.0.2-IF006](<https://www.ibm.com/support/pages/node/7001049> \"22.0.2-IF006\" ) \nIBM Cloud Pak for Business Automation| V21.0.1 - V21.0.1-IF008 \nV20.0.1 - V20.0.3 \nV19.0.1 - V19.0.3 \nV18.0.0 - V18.0.2| Upgrade to [21.0.3-IF022](<https://www.ibm.com/support/pages/node/7001241> \"21.0.3-IF022\" ) or [22.0.2-IF006](<https://www.ibm.com/support/pages/node/7001049> \"22.0.2-IF006\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-30T15:51:44", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3577", "CVE-2022-1471", "CVE-2022-21426", "CVE-2022-34169", "CVE-2022-42889", "CVE-2022-43927", "CVE-2022-43929", "CVE-2022-43930", "CVE-2023-21830", "CVE-2023-21843"], "modified": "2023-06-30T15:51:44", "id": "00B8BFFFE9EC2CDB467AF3D17608DB7C5E49C98591131C859F8ADA15204371EB", "href": "https://www.ibm.com/support/pages/node/7009021", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:54:03", "description": "## Summary\n\nIn addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-46364](<https://vulners.com/cve/CVE-2022-46364>) \n** DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242008](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2023-1108](<https://vulners.com/cve/CVE-2023-1108>) \n** DESCRIPTION: **Undertow is vulnerable to a denial of service, caused by an infinite loop in SslConduit during close on JDK 11. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249912](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249912>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-38900](<https://vulners.com/cve/CVE-2022-38900>) \n** DESCRIPTION: **decode-uri-component is vulnerable to a denial of service, caused by improper input validation by the decodeComponents function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241069](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241069>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40151](<https://vulners.com/cve/CVE-2022-40151>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20324](<https://vulners.com/cve/CVE-2021-20324>) \n** DESCRIPTION: **WildFly Elytron could allow a remote attacker to hijack a user's session, caused by a session fixation variation when using Undertow FORM authentication. By persuading a victim to click on a specially-crafted Web site, an attacker could exploit this vulnerability to gain access to another user's session. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **OX AppSuite could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Text library. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247569](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-25857](<https://vulners.com/cve/CVE-2022-25857>) \n** DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-30129](<https://vulners.com/cve/CVE-2021-30129>) \n** DESCRIPTION: **Apache Mina SSHD is vulnerable to a denial of service, caused by an OutOfMemory flaw in the SFTP and port forwarding features in sshd-core. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205211](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205211>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42920](<https://vulners.com/cve/CVE-2022-42920>) \n** DESCRIPTION: **Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds write flaw in the APIs. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain control over the resulting bytecode than otherwise expected. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2023-0482](<https://vulners.com/cve/CVE-2023-0482>) \n** DESCRIPTION: **RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File.createTempFile() used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-3782](<https://vulners.com/cve/CVE-2022-3782>) \n** DESCRIPTION: **Keycloak could allow a remote attacker to traverse directories on the system, caused by improper validation of URLs included in a redirect. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/244909](<https://exchange.xforce.ibmcloud.com/vulnerabilities/244909>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-3171](<https://vulners.com/cve/CVE-2022-3171>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-45047](<https://vulners.com/cve/CVE-2022-45047>) \n** DESCRIPTION: **Apache MINA SSHD could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider class. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240204](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240204>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-40152](<https://vulners.com/cve/CVE-2022-40152>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236355>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **220723 \n** DESCRIPTION: **Apache Commons Fileupload could allow a remote attacker to obtain sensitive information, caused by a resource leak flaw in the FileUploadBase class. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220723 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220723>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Manager Open Editions| 8.0.2 \nIBM Business Automation Manager Open Editions| 8.0.1 \nIBM Business Automation Manager Open Editions| 8.0.0 \n \n## Remediation/Fixes\n\nProduct(s)| Version(s)| Remediation/Fix \n---|---|--- \nIBM Business Automation Manager Open Editions| 8.0.0,8.0.1,8.0.2| [Download 8.0.3](<https://www.ibm.com/support/pages/node/6596913>) and follow instructions. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-13T09:08:06", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20324", "CVE-2021-30129", "CVE-2022-25857", "CVE-2022-3171", "CVE-2022-3782", "CVE-2022-38900", "CVE-2022-40151", "CVE-2022-40152", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2022-42920", "CVE-2022-45047", "CVE-2022-46364", "CVE-2023-0482", "CVE-2023-1108"], "modified": "2023-09-13T09:08:06", "id": "9FF827E2FD54F19DA755A2B6208A2EC7D3AE8D60BF765D40D030A7C7CEF95C29", "href": "https://www.ibm.com/support/pages/node/6999633", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:32:23", "description": "## Summary\n\nIBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-2163](<https://vulners.com/cve/CVE-2021-2163>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200292](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200292>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-36033](<https://vulners.com/cve/CVE-2022-36033>) \n** DESCRIPTION: **jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-35255](<https://vulners.com/cve/CVE-2022-35255>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by the failure to check the return value after calls are made to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236965](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236965>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-35256](<https://vulners.com/cve/CVE-2022-35256>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-33987](<https://vulners.com/cve/CVE-2022-33987>) \n** DESCRIPTION: **Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform a redirect to a UNIX socket. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229246](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229246>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-21290](<https://vulners.com/cve/CVE-2021-21290>) \n** DESCRIPTION: **Netty could allow a local authenticated attacker to obtain sensitive information, caused by an insecure temp file in Unix-like systems. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197110](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197110>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-24823](<https://vulners.com/cve/CVE-2022-24823>) \n** DESCRIPTION: **Netty could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when temporary storing uploads on the disk is enabled. By gaining access to the local system temporary directory, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225922](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225922>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-23773](<https://vulners.com/cve/CVE-2022-23773>) \n** DESCRIPTION: **An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24675](<https://vulners.com/cve/CVE-2022-24675>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a stack-based buffer overflow in encoding/pem in the Decode feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the program to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224866](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224866>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24921](<https://vulners.com/cve/CVE-2022-24921>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation. By using a specially-crafted deeply nested expression, a remote attacker could exploit this vulnerability to cause a goroutine stack exhaustion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221503](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221503>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-28327](<https://vulners.com/cve/CVE-2022-28327>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validaiton by the generic P-256 feature in crypto/elliptic. By sending a specially-crafted request with long scalar input, a remote attacker could exploit this vulnerability to cause a panic on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224871](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224871>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23772](<https://vulners.com/cve/CVE-2022-23772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker could exploit this vulnerability to consume large amount of RAM and cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-34165](<https://vulners.com/cve/CVE-2022-34165>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Transformation Advisor| 2.0.1 - 3.3.0 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s)**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Cloud Transformation Advisor| 2.0.1 - 3.3.0| Install v3.3.1 from OperatorHub page in Red Hat OpenShift Container Platform or locally following this [link](<https://www.ibm.com/cloud/architecture/tutorials/install-ibm-transformation-advisor-local> \"link\" ). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-05T19:00:57", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21290", "CVE-2021-2163", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24823", "CVE-2022-24921", "CVE-2022-28327", "CVE-2022-33987", "CVE-2022-34165", "CVE-2022-35255", "CVE-2022-35256", "CVE-2022-36033", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889"], "modified": "2022-12-05T19:00:57", "id": "7C5451969551322B10C02D39A8205047791F77289C2CE11B04A515BC58230E66", "href": "https://www.ibm.com/support/pages/node/6831799", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-08T22:26:35", "description": "## Summary\n\nMultiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Apache Commons is used by IBM Robotic Process Automation as part of the Watson NLP functionality (CVE-2022-42889). Connect2id Nimbus JOSE+JWT is used by IBM Robotic Process Automation as part of the Watson NLP functionality (CVE-2019-17195). FasterXML jackson-databind is used by IBM Robotic Process Automation as part of the Watson NLP functionality (CVE-2020-36518, CVE-2022-42004, CVE-2018-7489, CVE-2020-10650, CVE-2020-35490, CVE-2020-35491, CVE-2022-42003). GnuPG Libksba is used by IBM Robotic Process Automation as part of the UBI base containre image, Websphere Liberty and Watson NLP functionality (CVE-2022-3515). GnuTLS is used by IBM Robotic Process Automation as part of the UBI base container image, Websphere Liberty and Watson NLP functionality (CVE-2022-2509). ISC BIND is used by IBM Robotic Process Automation as part of the ClamAv and Watson NLP functionality (CVE-2021-25220). Netplex json-smart-v1 and json-smart-v2 is used by IBM Robotic Process Automation as part of the Watson NLP functionality (CVE-2021-27568). SQlite is used by IBM Robotic Process Automation as part of the UBI base container image, Websphere Liberty and Watson NLP functionality (CVE-2020-35525, CVE-2020-35527). libexpat is used by IBM Robotic Process Automation as part of the UBI base container image, Abbyy, ClamAv and Watson NLP functionality (CVE-2022-40674). procps-ng is no longer used by IBM Robotic Process Automation for Cloud Pak (removed in 21.0.7) (CVE-2018-1121). zlib is used by IBM Robotic Process Automation as part of the UBI base container image, Websphere Liberty and ClamAv functionality (CVE-2022-37434). This bulletin identifies the security fixes to apply to address the vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-1121](<https://vulners.com/cve/CVE-2018-1121>) \n** DESCRIPTION: **procps-ng procps is vulnerable to a denial of service, caused by a race condition. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to hide a process under /proc/PID/. \nCVSS Base score: 3.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2018-7489](<https://vulners.com/cve/CVE-2018-7489>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139549](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139549>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-17195](<https://vulners.com/cve/CVE-2019-17195>) \n** DESCRIPTION: **Connect2id Nimbus JOSE+JWT is vulnerable to a denial of service, caused by the throwing of various uncaught exceptions while parsing a JWT. An attacker could exploit this vulnerability to crash the application or obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2020-10650](<https://vulners.com/cve/CVE-2020-10650>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the unsafe deserialization of data when handling interactions related to the class ignite-jta. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234219](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234219>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35490](<https://vulners.com/cve/CVE-2020-35490>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193391](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193391>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35491](<https://vulners.com/cve/CVE-2020-35491>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35525](<https://vulners.com/cve/CVE-2020-35525>) \n** DESCRIPTION: **SQlite is vulnerable to a denial of service, caused by a NULL pointer derreference flaw in the INTERSEC query processing. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235225](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235225>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35527](<https://vulners.com/cve/CVE-2020-35527>) \n** DESCRIPTION: **SQlite could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access flaw through ALTER TABLE for views that have a nested FROM clause.. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235226](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235226>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36518](<https://vulners.com/cve/CVE-2020-36518>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-25220](<https://vulners.com/cve/CVE-2021-25220>) \n** DESCRIPTION: **ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when using DNS forwarders. An attacker could exploit this vulnerability to poison the cache with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221991](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221991>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-27568](<https://vulners.com/cve/CVE-2021-27568>) \n** DESCRIPTION: **Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of service, caused by an uncaught exception flaw in NumberFormatException. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause the library to crash or obtain sensitive information. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197316](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197316>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2022-2509](<https://vulners.com/cve/CVE-2022-2509>) \n** DESCRIPTION: **GnuTLS is vulnerable to a denial of service, caused by a double free flaw during the verification of pkcs7 signatures in gnutls_pkcs7_verify function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-3515](<https://vulners.com/cve/CVE-2022-3515>) \n** DESCRIPTION: **GnuPG Libksba could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the CRL parser. By sending a specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239062](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239062>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-37434](<https://vulners.com/cve/CVE-2022-37434>) \n** DESCRIPTION: **zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-40674](<https://vulners.com/cve/CVE-2022-40674>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the doContent function in xmlparse.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236116](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236116>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Robotic Process Automation for Cloud Pak| < 21.0.7 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Robotic Process Automation for Cloud Pak| < 21.0.7| Update to 21.0.7 or higher using the following [instructions](<https://www.ibm.com/docs/en/rpa/21.0?topic=upgrading-rpa-openshift-container-platform> \"\" ). \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-06T21:23:41", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1121", "CVE-2018-7489", "CVE-2019-17195", "CVE-2020-10650", "CVE-2020-35490", "CVE-2020-35491", "CVE-2020-35525", "CVE-2020-35527", "CVE-2020-36518", "CVE-2021-25220", "CVE-2021-27568", "CVE-2022-2509", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-40674", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889"], "modified": "2023-01-06T21:23:41", "id": "2CEF62C50CDD94A991768F05F02F6E909CA28C3D65E1DDC9FE44EB80961223F7", "href": "https://www.ibm.com/support/pages/node/6853461", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:11:16", "description": "## Summary\n\nIBM has released the below fix for IBM Db2\u00ae Graph in response to multiple vulnerabilities found in multiple components\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-41881](<https://vulners.com/cve/CVE-2022-41881>) \n**DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to cause an infinite recursion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242087](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242087>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-41915](<https://vulners.com/cve/CVE-2022-41915>) \n**DESCRIPTION: **Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of values. A remote attacker could exploit this vulnerability to inject arbitrary HTTP/1.1 response header in some form and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n**DESCRIPTION: **OX AppSuite could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Text library. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247569](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n**DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2022-25881](<https://vulners.com/cve/CVE-2022-25881>) \n**DESCRIPTION: **Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input using request header values, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246089>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-8244](<https://vulners.com/cve/CVE-2020-8244>) \n**DESCRIPTION: **Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the consume function. By sending a specially-crafted argument, an attacker could exploit this vulnerability to obtain sensitive information, or cause a denial of service condition. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187518>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L) \n \n**CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n**DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-38752](<https://vulners.com/cve/CVE-2022-38752>) \n**DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-38751](<https://vulners.com/cve/CVE-2022-38751>) \n**DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-38750](<https://vulners.com/cve/CVE-2022-38750>) \n**DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-38749](<https://vulners.com/cve/CVE-2022-38749>) \n**DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2022-41854](<https://vulners.com/cve/CVE-2022-41854>) \n**DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2022-25857](<https://vulners.com/cve/CVE-2022-25857>) \n**DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2023-23918](<https://vulners.com/cve/CVE-2023-23918>) \n**DESCRIPTION: **Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable the experimental permissions option with --experimental-policy. By sending a specially-crafted request using process.mainModule.require(), an attacker could exploit this vulnerability to bypass Permissions and access non authorized modules. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2023-23919](<https://vulners.com/cve/CVE-2023-23919>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by not clear the OpenSSL error stack after operations. By sending specially-crafted cryptographic operations, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247697](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247697>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2023-23936](<https://vulners.com/cve/CVE-2023-23936>) \n**DESCRIPTION: **Node.js is vulnerable to CRLF injection, caused by a flaw in the fetch API. By sending a specially-crafted HTTP response containing CRLF character sequences, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, session hijacking, HTTP response splitting or HTTP header injection. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247696](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247696>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2023-24807](<https://vulners.com/cve/CVE-2023-24807>) \n**DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Headers.set() and Headers.append() methods in the fetch API. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247695](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247695>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2023-23920](<https://vulners.com/cve/CVE-2023-23920>) \n**DESCRIPTION: **Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICU_DATA environment variable, an attacker could exploit this vulnerability to search and potentially load ICU data. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247694](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247694>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2022-37866](<https://vulners.com/cve/CVE-2022-37866>) \n**DESCRIPTION: **Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to overwrite arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239567](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239567>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2022-37865](<https://vulners.com/cve/CVE-2022-37865>) \n**DESCRIPTION: **Apache Ivy could allow a local authenticated attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could use a specially-crafted archive file containing \"dot dot\" sequences (/../) to write arbitrary files on the system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239423](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239423>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAll platforms of the following IBM Db2\u00ae Graph levels are affected:\n\nAffected Product(s) | Version(s) \n---|--- \nDb2 Graph | 1.0.0.592-1.0.0.1514 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing these vulnerabilities now by upgrading to the latest IBM Db2\u00ae Graph release containing the fix for these issues. **\n\nProduct(s) | Fixed in Version(s) \n---|--- \nDb2 Graph | \n\n1.0.0.1562-amd64\n\n1.0.0.1598-amd64\n\nlatest-amd64\n\n1.0.0.1562-ppcle\n\n1.0.0.1598-ppcle\n\nlatest-ppcle\n\n1.0.0.1562-s390x\n\n1.0.0.1598-s390x\n\nlatest-s390x \n \nFollow the instructions below to setup IBM Db2 Graph\n\n<https://www.ibm.com/docs/en/db2/11.5?topic=graph-setting-up-db2>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-24T22:02:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM Db2\u00ae Graph", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8244", "CVE-2022-25857", "CVE-2022-25881", "CVE-2022-33980", "CVE-2022-37865", "CVE-2022-37866", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2023-23918", "CVE-2023-23919", "CVE-2023-23920", "CVE-2023-23936", "CVE-2023-24807"], "modified": "2023-04-24T22:02:48", "id": "12365E079006AC201EC3CA279F0927477E9103C595244F01496633DFAC47BD20", "href": "https://www.ibm.com/support/pages/node/6985689", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T18:08:38", "description": "## Summary\n\nIBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities, listed in the CVEs below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-31047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/254317>) \n** DESCRIPTION: **Django could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass of validation. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/254317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/254317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-42003](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42004](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23437](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217982>) \n** DESCRIPTION: **Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote attacker could exploit this vulnerability to consume system resources for prolonged duration. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217982](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217982>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14338](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188534>) \n** DESCRIPTION: **Wildfly could allow a remote attacker to bypass security restrictions, caused by improper XML validation in the XMLSchemaValidator class in the JAXP component. By using a specially-crafted XML file, an attacker could exploit this vulnerability to manipulate the validation process in certain cases. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188534](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188534>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-7226](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175399>) \n** DESCRIPTION: **Cryptacular is vulnerable to a denial of service, caused by an excessive memory allocation during a decode operation in CiphertextHeader.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175399](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175399>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-41721](<https://exchange.xforce.ibmcloud.com/vulnerabilities/244775>) \n** DESCRIPTION: **Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/244775](<https://exchange.xforce.ibmcloud.com/vulnerabilities/244775>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-2047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this vulnerability to the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet wrongly interpreting an authority with no host as one with a host. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-27664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235355>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a closing HTTP/2 server connection to hang, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235355>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-10086](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-45868](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240855>) \n** DESCRIPTION: **H2 Database Engine could allow a local attacker to obtain sensitive information, caused by an issue with passing password in cleartext with the argument -webAdminPassword in CLI. By listing processes and their arguments in CLI, an attacker could exploit this vulnerability to obtain password information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240855>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-40690](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209586>) \n** DESCRIPTION: **Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the \"secureValidation\" property when creating a KeyInfo from a KeyInfoReference element. An attacker could exploit this vulnerability to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209586](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209586>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-41723](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247965>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, a remote attacker could exploit this vulnerability to cause excessive CPU consumption, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247965](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247965>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23457](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225192>) \n** DESCRIPTION: **ESAPI could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)`. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass control-flow. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225192](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225192>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-34169](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231489>) \n** DESCRIPTION: **The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when processing malicious XSLT stylesheets. By using specially crafted XSLT stylesheets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-31684](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240579>) \n** DESCRIPTION: **Tanzu VMware Reactor Netty could allow a remote authenticated attacker to obtain sensitive information, caused by the log of request headers in some cases of invalid HTTP requests. By gaining access to the log file, an attacker could exploit this vulnerability to obtain valid access tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240579>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2023-20873](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253466>) \n** DESCRIPTION: **VMware Tanzu Spring Boot could allow a remote attacker to bypass security restrictions, caused by a flaw with wildcard pattern matching when deployed on Cloud Foundry. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253466](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253466>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2016-2510](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111295>) \n** DESCRIPTION: **BeanShell could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data using Java serialization or XStream. An attacker could exploit this vulnerability deserialize data and execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111295](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111295>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2014-3604](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97659>) \n** DESCRIPTION: **Not-Yet-Commons-SSL could allow a remote attacker to bypass security restrictions, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the SSL certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to cause the victim to impersonate trusted servers. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/97659](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97659>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2020-15522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202188>) \n** DESCRIPTION: **Bouncy Castle BC Java, BC C# .NET, BC-FJA, BC-FNA could allow a remote attacker to obtain sensitive information, caused by a timing issue within the EC math library. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202188](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202188>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-26939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191108>) \n** DESCRIPTION: **Legion of the Bouncy Castle BC and Legion of the Bouncy Castle BC-FJA could allow a remote attacker to obtain sensitive information, caused by observable differences in behavior to rrror inputs in org.bouncycastle.crypto.encodings.OAEPEncoding. By using the OAEP Decoder to send invalid ciphertext that decrypts to a short payload, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191108>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCP4NA| 2.x \n \n## Remediation/Fixes\n\nAs per CVEs listed above\n\nIBM strongly suggests the following remediation / fixes:\n\nIBM Cloud Pak for Network Automation 2.5.0 can be deployed on-premises.\n\nPlease go to <https://www.ibm.com/docs/en/cloud-paks/cp-network-auto/2.5.0> to follow the installation instructions relevant to your chosen architecture.\n\n## Workarounds and Mitigations\n\nNone. Upgrade to the latest version.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-20T08:52:54", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3604", "CVE-2016-2510", "CVE-2019-10086", "CVE-2020-14338", "CVE-2020-15522", "CVE-2020-26939", "CVE-2020-36518", "CVE-2020-7226", "CVE-2021-40690", "CVE-2022-2047", "CVE-2022-22950", "CVE-2022-23437", "CVE-2022-23457", "CVE-2022-27664", "CVE-2022-31684", "CVE-2022-34169", "CVE-2022-41721", "CVE-2022-41723", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45868", "CVE-2023-20873", "CVE-2023-31047"], "modified": "2023-06-20T08:52:54", "id": "656937FA945DE5E58B9B5C0431A830AA521D479596EA01ACED0A20A166C4E3B3", "href": "https://www.ibm.com/support/pages/node/7005485", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:31:32", "description": "## Summary\n\nIBM Data Risk Manager (IDRM) 2.0.6.14, which is the only supported version, is impacted by multiple vulnerabilities including Apache Commons Text 1.9 (CVE-2022-42889). The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.15 which includes Apache Commons Text 1.10. Please see the remediation steps below to apply the fix. All customers are encouraged to act quickly to update their systems.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-38750](<https://vulners.com/cve/CVE-2022-38750>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38751](<https://vulners.com/cve/CVE-2022-38751>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38749](<https://vulners.com/cve/CVE-2022-38749>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38752](<https://vulners.com/cve/CVE-2022-38752>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21541](<https://vulners.com/cve/CVE-2022-21541>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231568](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231568>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-21540](<https://vulners.com/cve/CVE-2022-21540>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231567](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231567>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-42252](<https://vulners.com/cve/CVE-2022-42252>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239171>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-42889](<https://vulners.com/cve/CVE-2022-42889>) \n** DESCRIPTION: **Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-31692](<https://vulners.com/cve/CVE-2022-31692>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include dispatcher types. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authorization rules. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-31690](<https://vulners.com/cve/CVE-2022-31690>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239738](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239738>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-36033](<https://vulners.com/cve/CVE-2022-36033>) \n** DESCRIPTION: **jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-32250](<https://vulners.com/cve/CVE-2022-32250>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free write flaw in the netfilter subsystem. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-31160](<https://vulners.com/cve/CVE-2022-31160>) \n** DESCRIPTION: **jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-25857](<https://vulners.com/cve/CVE-2022-25857>) \n** DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-34917](<https://vulners.com/cve/CVE-2022-34917>) \n** DESCRIPTION: **Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to allocate large amounts of memory on brokers, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-35737](<https://vulners.com/cve/CVE-2022-35737>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an array-bounds overflow. By sending C API with specially-crafted string argument, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-33980](<https://vulners.com/cve/CVE-2022-33980>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23457](<https://vulners.com/cve/CVE-2022-23457>) \n** DESCRIPTION: **ESAPI could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)`. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass control-flow. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225192](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225192>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-24891](<https://vulners.com/cve/CVE-2022-24891>) \n** DESCRIPTION: **ESAPI is vulnerable to cross-site scripting, caused by incorrect regular expression for onsiteURL in the antisamy-esapi.xml configuration file. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225344](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225344>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-31679](<https://vulners.com/cve/CVE-2022-31679>) \n** DESCRIPTION: **VMWare Spring Data REST could allow a remote attacker to obtain sensitive information. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-7226](<https://vulners.com/cve/CVE-2020-7226>) \n** DESCRIPTION: **Cryptacular is vulnerable to a denial of service, caused by an excessive memory allocation during a decode operation in CiphertextHeader.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175399](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175399>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-3676](<https://vulners.com/cve/CVE-2022-3676>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239608](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239608>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-40149](<https://vulners.com/cve/CVE-2022-40149>) \n** DESCRIPTION: **jettison-json Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML or JSON data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236352](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236352>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40150](<https://vulners.com/cve/CVE-2022-40150>) \n** DESCRIPTION: **jettison-json Jettison is vulnerable to a denial of service, caused by an out of memory flaw. By sending a specially-crafted XML or JSON data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21628](<https://vulners.com/cve/CVE-2022-21628>) \n** DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238623](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238623>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21626](<https://vulners.com/cve/CVE-2022-21626>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21624](<https://vulners.com/cve/CVE-2022-21624>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21619](<https://vulners.com/cve/CVE-2022-21619>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-36518](<https://vulners.com/cve/CVE-2020-36518>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-2163](<https://vulners.com/cve/CVE-2021-2163>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200292](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200292>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-2625](<https://vulners.com/cve/CVE-2022-2625>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper control of the modification of dynamically-determined object attributes. By creating a specially-crafted object using at least one schema, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233970>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-3171](<https://vulners.com/cve/CVE-2022-3171>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-31197](<https://vulners.com/cve/CVE-2022-31197>) \n** DESCRIPTION: **PostgreSQL is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to PGJDBC implementation of the java.sql.ResultRow.refreshRow() method, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232820](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232820>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-31129](<https://vulners.com/cve/CVE-2022-31129>) \n** DESCRIPTION: **Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230690](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230690>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24785](<https://vulners.com/cve/CVE-2022-24785>) \n** DESCRIPTION: **Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafted locale string containing \"dot dot\" sequences (/../) to switch arbitrary moment locale. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-42003](<https://vulners.com/cve/CVE-2022-42003>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42004](<https://vulners.com/cve/CVE-2022-42004>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **186425 \n** DESCRIPTION: **The jose.4.j library could allow a remote attacker to obtain sensitive information, caused by an Elliptic Curve Key Disclosure if the JWK's Header Parameter includes the public key. An attacker could generate a private key/public key pair and send the public key together with the signature resulting in the invalidation of the signature. \nCVSS Base score: 8.7 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/186425 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DRM| 2.0.6.14 \n \n\n\n## Remediation/Fixes\n\nTo obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.14, and then apply the latest FixPack 2.0.6.15.\n\n_Product_| _VRMF_| _APAR \n_| _Remediation / First Fix_ \n---|---|---|--- \nIBM Data Risk Manager| 2.0.6.14| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.15_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.14&platform=Linux&function=all> \"DRM_2.0.6.15_FixPack\" ) \n \n---|---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-08T04:10:27", "type": "ibm", "title": "Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36518", "CVE-2020-7226", "CVE-2021-2163", "CVE-2022-21540", "CVE-2022-21541", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-23457", "CVE-2022-24785", "CVE-2022-24891", "CVE-2022-25857", "CVE-2022-2625", "CVE-2022-31129", "CVE-2022-31160", "CVE-2022-31197", "CVE-2022-31679", "CVE-2022-31690", "CVE-2022-31692", "CVE-2022-3171", "CVE-2022-32250", "CVE-2022-33980", "CVE-2022-34917", "CVE-2022-35737", "CVE-2022-36033", "CVE-2022-3676", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42252", "CVE-2022-42889"], "modified": "2022-12-08T04:10:27", "id": "7A34C5EA3878227646136480AF345DCC5DF882B26F65D3380EC0064BCCA45485", "href": "https://www.ibm.com/support/pages/node/6846157", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T18:05:50", "description": "## Summary\n\nIBM has released the below fix for IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-41721](<https://exchange.xforce.ibmcloud.com/vulnerabilities/244775>) \n** DESCRIPTION: **Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/244775](<https://exchange.xforce.ibmcloud.com/vulnerabilities/244775>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-46175](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242965>) \n** DESCRIPTION: **JSON5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the parse method. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242965](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242965>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H) \n \n** CVEID: **[CVE-2022-43929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241676>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-43927](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241671>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241671](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241671>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2014-3577](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2022-43930](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241677>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241677](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241677>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2023-29257](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252011>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/252011](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252011>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2023-29255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/251991>) \n** DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/251991](<https://exchange.xforce.ibmcloud.com/vulnerabilities/251991>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-27555](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249187>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. \nCVSS Base score: 5.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249187](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249187>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-26021](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247864>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-25930](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247862>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247862](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247862>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-26022](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247868>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247868](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247868>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-27559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249196>) \n** DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249196](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249196>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-25165](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246875>) \n** DESCRIPTION: **Helm could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the getHostByName Function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-10743](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170469>) \n** DESCRIPTION: **Archiver could allow a local attacker to traverse directories on the system, caused by a flaw in the \"unarchive\" functions. By persuading a victim to extract a specially-crafted ZIP archive containing \"dot dot slash\" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as \"Zip-Slip\". \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170469](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170469>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-1471](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) \n** DESCRIPTION: **SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted yaml content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241118](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2022-41716](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240206>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to bypass security restrictions, caused by improper checking for invalid environment variable values in syscall.StartProcess and os/exec.Cmd. By using a specially-crafted environment variable value, an attacker could exploit this vulnerability to set a value for a different environment variable. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240206](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240206>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2023-24540](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256132>) \n** DESCRIPTION: **Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\", which when viewed, would execute in the victim's Web browser within the security context of the hosting site. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/256132](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256132>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2023-29400](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255427>) \n** DESCRIPTION: **Golang Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into the templates, which when parsed, would execute in the victim's Web browser within the security context of the hosting site. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/255427](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255427>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2023-24539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256136>) \n** DESCRIPTION: **Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing multiple actions separated by a '/' character, which when viewed, would execute in the victim's Web browser within the security context of the hosting site. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/256136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-3156](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195658>) \n** DESCRIPTION: **Sudo is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing command line arguments. By sending an \"sudoedit -s\" and a command-line argument that ends with a single backslash character, a local attacker could overflow a buffer and execute arbitrary code on the system with root privileges. This vulnerability is also known as Baron Samedit. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195658](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195658>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-19234](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173555>) \n** DESCRIPTION: **sudo could allow a remote attacker to bypass security restrictions, caused by an issue with user block not considered when using the ! character in the shadow file instead of a password hash, an attacker could exploit this vulnerability to impersonate any blocked user. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173555](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173555>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2019-19232](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173554>) \n** DESCRIPTION: **sudo could allow a remote attacker to bypass security restrictions, caused by a flaw with access to a Runas ALL sudoer account. By invoking sudo with a numeric uid not associated with any user, an attacker could exploit this vulnerability to impersonate a nonexistent user. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173554](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173554>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2019-18634](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175358>) \n** DESCRIPTION: **Apple macOS Catalina is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the privileged sudo process. By sending an overly long string to the stdin of getln() in tgetpass.c., a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175358](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175358>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-41723](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247965>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, a remote attacker could exploit this vulnerability to cause excessive CPU consumption, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247965](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247965>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41724](<https://exchange.xforce.ibmcloud.com/vulnerabilities/248257>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/248257](<https://exchange.xforce.ibmcloud.com/vulnerabilities/248257>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41725](<https://exchange.xforce.ibmcloud.com/vulnerabilities/248957>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw when perform multipart form parsing with mime/multipart.Reader.ReadForm. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to consume largely unlimited amounts of memory and disk files, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/248957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/248957>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-24532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249655>) \n** DESCRIPTION: **An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2023-24537](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252177>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/252177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252177>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41881](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242087>) \n** DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to cause an infinite recursion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242087](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242087>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41915](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242595>) \n** DESCRIPTION: **Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of values. A remote attacker could exploit this vulnerability to inject arbitrary HTTP/1.1 response header in some form and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-42889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) \n** DESCRIPTION: **OX AppSuite could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Text library. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247569](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247569>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-33980](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) \n** DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. By using a specially-crafted configuratrion, an attacker could exploit this vulnerability to execute arbitrary code or perform unintentional contact with remote servers . \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-25881](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246089>) \n** DESCRIPTION: **Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input using request header values, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246089>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-8244](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187518>) \n** DESCRIPTION: **Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the consume function. By sending a specially-crafted argument, an attacker could exploit this vulnerability to obtain sensitive information, or cause a denial of service condition. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187518>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L) \n \n** CVEID: **[CVE-2022-42004](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42003](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-38752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235310>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38751](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235311>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38750](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235312>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38749](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235313>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-41854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) \n** DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-25857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) \n** DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-23918](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247698>) \n** DESCRIPTION: **Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable the experimental permissions option with --experimental-policy. By sending a specially-crafted request using process.mainModule.require(), an attacker could exploit this vulnerability to bypass Permissions and access non authorized modules. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2023-23919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247697>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by not clear the OpenSSL error stack after operations. By sending specially-crafted cryptographic operations, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247697](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247697>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-23936](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247696>) \n** DESCRIPTION: **Node.js is vulnerable to CRLF injection, caused by a flaw in the fetch API. By sending a specially-crafted HTTP response containing CRLF character sequences, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, session hijacking, HTTP response splitting or HTTP header injection. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247696](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247696>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2023-24807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247695>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Headers.set() and Headers.append() methods in the fetch API. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247695](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247695>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-23920](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247694>) \n** DESCRIPTION: **Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICU_DATA environment variable, an attacker could exploit this vulnerability to search and potentially load ICU data. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247694](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247694>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-37866](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239567>) \n** DESCRIPTION: **Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to overwrite arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239567](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239567>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-37865](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239423>) \n** DESCRIPTION: **Apache Ivy could allow a local authenticated attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could use a specially-crafted archive file containing \"dot dot\" sequences (/../) to write arbitrary files on the system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239423](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239423>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-43548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241552>) \n** DESCRIPTION: **Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an insufficient IsAllowedHost check. By sending a specially-crafted DBS request using an invalid octal address, an attacker could exploit this vulnerability to conduct a DNS rebinding attack and execute arbitrary commands on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241552](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241552>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAll platforms of the following IBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data refresh levels are affected:\n\nAffected Product(s)| Version(s) \n---|--- \nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv3.5 through refresh 10 \nv4.0 through refresh 9 \nv4.5 through refresh 3 \nv4.6 through refresh 6 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data release containing the fix for these issues. They can be applied to refresh levels of v4.5 refresh 3 and above to remediate this vulnerability. Please note: If the affected release is any refresh level of Cloud Pak for Data 3.5, 4.0, 4.5, or 4.6 it is strongly recommended to upgrade to Cloud Pak for Data 4.7.\n\nProduct| Fixed in Fix Pack| Instructions \n---|---|--- \nIBM\u00ae Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data| v4.7| \n\n[Db2 Warehouse: https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=warehouse-upgrading](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=warehouse-upgrading>)\n\n \n[Db2: https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=db2-upgrading](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=db2-upgrading>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-29T18:23:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM Db2\u00ae on Cloud Pak for Data and Db2 Warehouse\u00ae on Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3577", "CVE-2019-10743", "CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234", "CVE-2020-8244", "CVE-2021-3156", "CVE-2022-1471", "CVE-2022-25857", "CVE-2022-25881", "CVE-2022-33980", "CVE-2022-37865", "CVE-2022-37866", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-41716", "CVE-2022-41721", "CVE-2022-41723", "CVE-2022-41724", "CVE-2022-41725", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2022-43548", "CVE-2022-43927", "CVE-2022-43929", "CVE-2022-43930", "CVE-2022-46175", "CVE-2023-23918", "CVE-2023-23919", "CVE-2023-23920", "CVE-2023-23936", "CVE-2023-24532", "CVE-2023-24537", "CVE-2023-24539", "CVE-2023-24540", "CVE-2023-24807", "CVE-2023-25165", "CVE-2023-25930", "CVE-2023-26021", "CVE-2023-26022", "CVE-2023-27555", "CVE-2023-27559", "CVE-2023-29255", "CVE-2023-29257", "CVE-2023-29400"], "modified": "2023-06-29T18:23:38", "id": "CE7D5A1D0996FFAC3B1D8B653E0D11581F2B40F4522A074649FEF0017143DE02", "href": "https://www.ibm.com/support/pages/node/7008449", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T17:57:51", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. This update addresses these CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21724](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218798>) \n** DESCRIPTION: **PostgreSQL JDBC Driver (PgJDBC) could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially-crafted request using the \"authenticationPluginClassName\", \"sslhostnameverifier\", \"socketFactory\", \"sslfactory\", \"sslpasswordcallback\" classes, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218798](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218798>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-31197](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232820>) \n** DESCRIPTION: **PostgreSQL is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to PGJDBC implementation of the java.sql.ResultRow.refreshRow() method, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232820](<https://exchange.xforce.ibmcloud.com/vulnerabilities/232820>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-3510](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239916>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for Message-Type Extensions. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239916](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239916>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-4378](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162084>) \n** DESCRIPTION: **IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an authenticated and authorized user using specially crafted PCF messages. IBM X-Force ID: 162084. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162084>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40149](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236352>) \n** DESCRIPTION: **jettison-json Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML or JSON data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236352](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236352>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40150](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236353>) \n** DESCRIPTION: **jettison-json Jettison is vulnerable to a denial of service, caused by an out of memory flaw. By sending a specially-crafted XML or JSON data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-4682](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186509>) \n** DESCRIPTION: **IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186509](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186509>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39034](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213964>) \n** DESCRIPTION: **IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel process. IBM X-Force ID: 213964. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240853>) \n** DESCRIPTION: **Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not limit access to created readable files in the TemporaryFolder. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8908](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192996>) \n** DESCRIPTION: **Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir(). By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192996](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192996>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2023-1436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250490>) \n** DESCRIPTION: **Jettison is vulnerable to a denial of service, caused by an infinite recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250490](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250490>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-22447](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224648>) \n** DESCRIPTION: **IBM Disconnected Log Collector is vulnerable to potential security misconfigurations that could disclose unintended information. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224648>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-42004](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-42003](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/237662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/237662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-1471](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) \n** DESCRIPTION: **SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted yaml content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241118](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2022-25857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) \n** DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-25194](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246698>) \n** DESCRIPTION: **Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configuring the connector via the Kafka Connect REST API. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-31684](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240579>) \n** DESCRIPTION: **Tanzu VMware Reactor Netty could allow a remote authenticated attacker to obtain sensitive information, caused by the log of request headers in some cases of invalid HTTP requests. By gaining access to the log file, an attacker could exploit this vulnerability to obtain valid access tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240579>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-13956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-34917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236498>) \n** DESCRIPTION: **Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to allocate large amounts of memory on brokers, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40151](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236354>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41966](<https://exchange.xforce.ibmcloud.com/vulnerabilities/243448>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By manipulating the processed input stream at unmarshalling time, a remote attacker could exploit this vulnerability to replace or inject objects and cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/243448](<https://exchange.xforce.ibmcloud.com/vulnerabilities/243448>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2022-25647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217225>) \n** DESCRIPTION: **Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace() method, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217225](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217225>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H) \n \n** CVEID: **[CVE-2018-12023](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151425>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17531](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169073>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue when Default Typing is enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194378>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194378](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194378>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11113](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178903>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14439](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164744>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue when Default Typing is enabled. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-36184](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194379>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194379](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194379>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14061](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183424>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183424>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10969](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178546>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178546](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178546>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-16942](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the commons-dbcp class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11620](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179431>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.jelly.impl.Embedded (aka commons-jelly). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-19361](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155092>) \n** DESCRIPTION: **An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155092](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155092>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-10202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168251>) \n** DESCRIPTION: **Red Hat JBoss Enterprise Application Platform (EAP) could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization in Codehaus. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168251](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168251>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10673](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178107>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in com.caucho.config.types.ResourceRef (aka caucho-quercus). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178107](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178107>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14379](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165286>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the SubTypeValidator.java. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165286>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-16335](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167205>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue in com.zaxxer.hikari.HikariDataSource. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167205](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167205>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-14720](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155137>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by JDK classes. By sending a specially-crafted XML data. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155137](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155137>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-36182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194377>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194377](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194377>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11112](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178902>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178902](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178902>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-12814](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162875>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-36187](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194382>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194382>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14062](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183425>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194384>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194384](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194384>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-8840](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185699>) \n** DESCRIPTION: **Multiple Huawei products could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data without proper validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-36181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194376>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194376](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194376>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-19360](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155091>) \n** DESCRIPTION: **An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155091](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155091>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-20190](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195243>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to a class(es) of JDK Swing. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195243](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195243>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183495>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in rg.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183495](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183495>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9547](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177103>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-14719](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155138>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155138](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155138>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-14721](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155136>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to server-side request forgery, caused by the failure to block the axis2-jaxws class from polymorphic deserialization. A remote authenticated attacker could exploit this vulnerability to obtain sensitive data. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-11619](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179430>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36185](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194380>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194380](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194380>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24616](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187229>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187229](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187229>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193843>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193843](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193843>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36186](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194381>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194381](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194381>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14893](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177108>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using the xalan JNDI gadget. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177108>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-11307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163528>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an issue when untrusted content is deserialized with default typing enabled. By sending specially-crafted content over FTP, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163528](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163528>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-16943](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168255>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the p6spy class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36180](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194375>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11111](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178901>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14892](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177106>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using commons-configuration 1 and 2 JNDI classes. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177106](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177106>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177104>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177104](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177104>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-14718](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155139>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the slf4j-ext class from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155139](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155139>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14540](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167354>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue in com.zaxxer.hikari.HikariConfig. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-12086](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-12022](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163227>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when the Default Typing is enabled. By sending a specially-crafted request in LDAP service, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17267](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168514>) \n** DESCRIPTION: **FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-35491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193394>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14060](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183422>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183422>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178544>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178544](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178544>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-12384](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162849>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the logback-core class from polymorphic deserialization. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24750](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188470>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188470](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188470>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36188](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194383>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194383](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194383>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-19362](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155093>) \n** DESCRIPTION: **An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155093](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155093>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-35490](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193391>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193391](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193391>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-36179](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194374>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9546](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177102>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177102](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177102>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-20330](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173897>) \n** DESCRIPTION: **A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173897](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173897>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-10672](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178104>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178104](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178104>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10683](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181356>) \n** DESCRIPTION: **dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181356](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181356>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-37533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241253>) \n** DESCRIPTION: **Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from PASV response by default. By persuading a victim to connect to specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private network, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241253](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241253>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-30187](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229924>) \n** DESCRIPTION: **Microsoft Azure Storage Library could allow a local authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass security features and cause an impact on confidentiality. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229924](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229924>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-31159](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231331>) \n** DESCRIPTION: **AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in the downloadDirectory method in the AWS S3 TransferManager component. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system. \nCVSS Base score: 7.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/231331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2022-41881](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242087>) \n** DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to cause an infinite recursion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242087](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242087>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41915](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242595>) \n** DESCRIPTION: **Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of values. A remote attacker could exploit this vulnerability to inject arbitrary HTTP/1.1 response header in some form and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-24823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225922>) \n** DESCRIPTION: **Netty could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when temporary storing uploads on the disk is enabled. By gaining access to the local system temporary directory, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225922](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225922>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-40154](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236357>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236357](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236357>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40152](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236355>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236355>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40156](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236359>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40155](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236358>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236358](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236358>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40153](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236356>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236356](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236356>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-45685](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242596>) \n** DESCRIPTION: **Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending an overly long string using JSON data, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-45693](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242274>) \n** DESCRIPTION: **Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242274](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242274>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-22569](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216851>) \n** DESCRIPTION: **Google Protocol Buffer (protobuf-java) is vulnerable to a denial of service, caused by an issue with allow interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open a specially-crafted content, a remote attacker could exploit this vulnerability to cause a timeout in ProtobufFuzzer function, and results in a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216851](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216851>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-3509](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239915>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for textformat data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239915](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239915>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-3171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238394>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **177835 \n** DESCRIPTION: **Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker could exploit this vulnerability using a method call to obtain sensitive information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177835>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Disconnected Log Collector| v1.0 - v1.8.2 \n \n## Remediation/Fixes\n\n**IBM encourages customers to update their systems promptly.**\n\nFollow this link to update to [IBM Disconnected Log Collector v1.8.3](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.5.0&platform=Linux&function=fixId&fixids=DLC-1.8.3&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp> \"IBM Disconnected Log Collector v1.7\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-09-29T18:56:17", "type": "ibm", "title": "Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2019-10202", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14892", "CVE-2019-14893", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17267", "CVE-2019-17531", "CVE-2019-20330", "CVE-2019-4378", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-13956", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-35490", "CVE-2020-35491", "CVE-2020-35728", "CVE-2020-36179", "CVE-2020-36180", "CVE-2020-36181", "CVE-2020-36182", "CVE-2020-36183", "CVE-2020-36184", "CVE-2020-36185", "CVE-2020-36186", "CVE-2020-36187", "CVE-2020-36188", "CVE-2020-36189", "CVE-2020-36518", "CVE-2020-4682", "CVE-2020-8840", "CVE-2020-8908", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548", "CVE-2021-20190", "CVE-2021-22569", "CVE-2021-37533", "CVE-2021-39034", "CVE-2022-1471", "CVE-2022-21724", "CVE-2022-22447", "CVE-2022-24823", "CVE-2022-25647", "CVE-2022-25857", "CVE-2022-30187", "CVE-2022-31159", "CVE-2022-31197", "CVE-2022-31684", "CVE-2022-3171", "CVE-2022-34917", "CVE-2022-3509", "CVE-2022-3510", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-40151", "CVE-2022-40152", "CVE-2022-40153", "CVE-2022-40154", "CVE-2022-40155", "CVE-2022-40156", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-41946", "CVE-2022-41966", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-45685", "CVE-2022-45693", "CVE-2023-1436", "CVE-2023-25194"], "modified": "2023-09-29T18:56:17", "id": "92C2D58DB9DA7102D7F9C515B4EE2CED16C0735F48AA49B707B24837E12E16B9", "href": "https://www.ibm.com/support/pages/node/7042313", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2022-10-26T20:06:13", "description": "![CVE-2022-42889: Keep Calm and Stop Saying ](https://blog.rapid7.com/content/images/2022/10/hero-art-blog.jpeg)\n\n_**UPDATE 10/18/22:** A previous version of this blog indicated that five JDK versions (JDK 15+) were not impacted due to the exclusion of the Nashorn JavaScript engine. However, [an updated PoC ](<https://twitter.com/pwntester/status/1582321752566161409>)came out that uses the `JEXL` engine as an exploit path. If JEXL is present, the code executes successfully, so this issue can be exploited on any JDK where a relevant engine can be leveraged._\n\nCVE-2022-42889, which some have begun calling \u201cText4Shell,\u201d is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input. The vulnerability was announced on October 13, 2022 on the [Apache dev list](<https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om>) and originally reported by [Alvaro Munoz](<https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/>). CVE-2022-42889 arises from insecure implementation of Commons Text\u2019s variable interpolation functionality\u2014more specifically, some [default lookup strings](<https://github.com/apache/commons-text/pull/341>) could potentially accept untrusted input from remote attackers, such as DNS requests, URLs, or inline scripts.\n\nCVE-2022-42889 affects Apache Commons Text versions 1.5 through 1.9. It has been patched as of Commons Text version 1.10. \n \nThe vulnerability has been compared to [Log4Shell](<https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/>) since it is an open-source library-level vulnerability that is likely to impact a wide variety of software applications that use the relevant object. However, initial analysis indicates that this is a bad comparison. The nature of the vulnerability means that unlike Log4Shell, it will be rare that an application uses the vulnerable component of Commons Text to process untrusted, potentially malicious input. \n\nIn summary, much like with [Spring4Shell](<https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/>), there are significant caveats to practical exploitability for CVE-2022-42889. With that said, we still recommend patching any relevant impacted software according to your normal, hair-not-on-fire patch cycle.\n\n## Technical analysis\n\nThe vulnerability exists in the StringSubstitutor interpolator object. An interpolator is created by the StringSubstitutor.createInterpolator() method and will allow for string lookups as defined in the [StringLookupFactory](<https://commons.apache.org/proper/commons-text/apidocs/org/apache/commons/text/lookup/StringLookupFactory.html>). This can be used by passing a string \u201c${prefix:name}\u201d where the prefix is the aforementioned lookup. Using the \u201cscript\u201d, \u201cdns\u201d, or \u201curl\u201d lookups would allow a crafted string to execute arbitrary scripts when passed to the interpolator object. \n\nSince Commons Text is a library, the specific usage of the interpolator will dictate the impact of this vulnerability. As a toy proof of concept, consider:\n\n![CVE-2022-42889: Keep Calm and Stop Saying ](https://lh4.googleusercontent.com/IC97xAX_6lpH_XQG0S7R4Mvj1A-gkCcF0cB9A5-3OB-szaAN19wEGLSkVv2WYSNaZQKr5lji8hRwQS7uWpeXLXbWhIbA1Ofrc_sN94hCaMTjOnx73v3QlZiCxjsfBSBv1H9Y0Ed6FV7KlSErj-ozbFRNYQgsYc-KQcDtlUyodRfSenVxNNezUzaGCg)\n\nWhile this specific code fragment is unlikely to exist in production applications, the concern is that in some applications, the `pocstring` variable may be attacker-controlled. In this sense, the vulnerability echoes Log4Shell. However, the StringSubstitutor interpolator is considerably less widely used than the vulnerable string substitution in Log4j and the nature of such an interpolator means that getting crafted input to the vulnerable object is less likely than merely interacting with such a crafted string as in Log4Shell.\n\n## Mitigation guidance\n\nOrganizations who have direct dependencies on Apache Commons Text should upgrade to the [fixed version](<https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om>) (1.10.0). As with most library vulnerabilities, we will see the usual tail of follow-on vendor advisories with upgrades for products that package vulnerable implementations of the library. We recommend that you install these patches as they become available, and prioritize any where the vendor indicates that their implementation may be remotely exploitable.\n\n## Rapid7 customers\n\nThe October 18 content release for InsightVM and Nexpose contains an authenticated check for CVE-2022-42889 on Unix-like systems. This is a Scan Engine-based check that will report vulnerable on systems with both an affected version of the `commons-text` jar file and a Java Runtime Environment installed. \n\n_October 26 Update: _Support for Insight Agent-based assessments of Windows and Unix-like systems is available as of the October 25 content release. An authenticated check for Windows systems (via the Scan Engine) is available as of the October 26 product release (6.6.166).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-17T20:36:16", "type": "rapid7blog", "title": "CVE-2022-42889: Keep Calm and Stop Saying \"4Shell\"", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-17T20:36:16", "id": "RAPID7BLOG:F7BA3352D40FAE34A5EC64E58595ED85", "href": "https://blog.rapid7.com/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-04T18:10:17", "description": "![Rapid7\u2019s Impact from Apache Commons Text Vulnerability \$CVE-2022-42889\$](https://blog.rapid7.com/content/images/2022/11/emergent-threats-series-hero-background.jpg)\n\nAs stated in our Apache Commons Text [blog post](<https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/>), CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input, and affects versions 1.5 through 1.9. This vulnerability has been patched as of Commons Text version 1.10.\n\nAs part of standard due diligence, Rapid7 evaluates the potential impact of vulnerabilities in its products. This process includes validating the existence of the vulnerable libraries or services, interdependencies, the exploitability of the vulnerability in a given context, and impacts related to applying available patches. \n \nRapid7\u2019s Nexpose console and InsightVM products are confirmed to currently include commons-text.1.6.jar (as of the date of this post). This library is not directly used within the scan engine, but has a shared dependency within the security console. While Rapid7\u2019s assessment has found no paths to exploit for this vulnerability, we do plan to patch this vulnerability in Nexpose and InsightVM during the month of November 2022.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-04T13:00:00", "type": "rapid7blog", "title": "Rapid7\u2019s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-04T13:00:00", "id": "RAPID7BLOG:03100EF4E147989C00719DBF6E752AD3", "href": "https://blog.rapid7.com/2022/11/04/rapid7s-impact-from-apache-commons-text-vulnerability-cve-2022-42889/", "cvss": {"score": 0.0, "vector": "NONE"}}], "atlassian": [{"lastseen": "2023-12-07T02:32:04", "description": "h3. BUG RE-OPENED\r\n\r\n*Jira Service Management*\u00a0*5.4.3* ( which was supposed to be fixed at *9.4.3 / 5.4.3* ) is still generating files with common text library of\u00a0*1.6 version*\u00a0in the\u00a0*/plugins/.osgi-plugins*\u00a0folder.\u00a0*Even after deleting these files, they keep generating them back again in the next restart.* Due to this, Security Scans are still detecting vulnerability for {*}CVE-2022-42889{*}.\r\n{code:java}\r\nfind /data0/atlassian/jira/9.4.3_home/plugins/.osgi-plugins/ -iname commons-text-1.6.jar -exec ls -l {} \\;\r\nrw-rr-. 1 jira jira 197176 Mar 21 17:01 /data0/atlassian/jira/9.4.3_home/plugins/.osgi-plugins/felix/felix-cache/bundle187/version0.0/bundle.jar-embedded/META-INF/lib/commons-text-1.6.jar\r\nrw-rr-. 1 jira jira 197176 Mar 21 17:02 /data0/atlassian/jira/9.4.3_home/plugins/.osgi-plugins/felix/felix-cache/bundle197/version0.0/bundle.jar-embedded/META-INF/lib/commons-text-1.6.jar\r\nrw-rr-. 1 jira jira 197176 Mar 21 17:02 /data0/atlassian/jira/9.4.3_home/plugins/.osgi-plugins/felix/felix-cache/bundle204/version0.0/bundle.jar-embedded/META-INF/lib/commons-text-1.6.jar\r\nrw-rr-. 1 jira jira 197176 Mar 21 17:02 /data0/atlassian/jira/9.4.3_home/plugins/.osgi-plugins/felix/felix-cache/bundle205/version0.0/bundle.jar-embedded/META-INF/lib/commons-text-1.6.jar\r\nrw-rr-. 1 jira jira 197176 Mar 21 17:01 /data0/atlassian/jira/9.4.3_home/plugins/.osgi-plugins/felix/felix-cache/bundle206/version0.0/bundle.jar-embedded/META-INF/lib/commons-text-1.6.jar{code}\r\nIt has been identified by our Developers at [https://asecurityteam.atlassian.net/browse/VULN-1020573] that there are still 5 JAR files from *Jira Service Management*\u00a0that needs to be fixed that is generating these\u00a0common text library of\u00a0*1.6 version* above.\r\n{code:java}\r\nJIRA_HOME/plugins/installed-plugins/servicedesk-reports-plugin-5.4.3-REL-0001.jar\r\nJIRA_HOME/plugins/installed-plugins/jira-servicedesk-application-5.4.3.jar\r\nJIRA_HOME/plugins/installed-plugins/servicedesk-variable-substitution-plugin-5.4.3-REL-0001.jar\r\nJIRA_HOME/plugins/installed-plugins/servicedesk-search-plugin-5.4.3-REL-0001.jar\r\nJIRA_HOME/plugins/installed-plugins/servicedesk-notifications-plugin-5.4.3-REL-0001.jar\r\nJIRA_HOME/plugins/installed-plugins/servicedesk-reports-plugin-5.4.3-REL-0001.jar{code}\r\nh3. --------------------------------------------------------------------------------\r\nh3. DISCLAIMER\r\n{panel:bgColor=#e3fcef}\r\n(!) *Jira*\u00a0{*}IS NOT VULNERABLE to [CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889]{*}.\r\n\r\nThis bug was created to track the change required to upgrade the Apache Commons Text library and can be used by customers to follow its progress and get notified on the next numbered release.\r\n\r\nJira does not use the vulnerable module {{org.apache.commons.text.StringSubstitutor}}\r\n{panel}\r\nh3. Issue Summary\r\n\r\nApache Common Text library should be upgraded to 1.10.0 or later to mitigate any exploiting attempts listed on [CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889]\r\n\r\nThis is reproducible on Data Center: yes\r\nh3. Steps to Reproduce\r\n\r\nCheck *org.apache.commons* -> *commons-text* version on *{{pom.xml}}*\r\nh3. Expected Results\r\n\r\napache-common-text 1.10.0+ is expected\r\nh3. Actual Results\r\n\r\napache-common-text 1.9 (or earlier) is used\r\nh3. Workaround\r\n\r\nCurrently there is no known workaround for this behavior. A workaround will be added here when available", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-07T20:21:30", "type": "atlassian", "title": "Upgrade Apache Commons-text for CVE-2022-42889", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-12-07T02:09:16", "id": "JRASERVER-74501", "href": "https://jira.atlassian.com/browse/JRASERVER-74501", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T19:05:25", "description": "h3. DISCLAIMER\r\n{panel:bgColor=#e3fcef}\r\n(!) *Confluence*\u00a0{*}IS NOT VULNERABLE to [CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889]{*}.\r\n\r\nThis bug was created to track the change required to upgrade the Apache Commons Text library and can be used by customers to follow its progress and get notified on the next numbered release.\r\n\r\nConfluence does not use the vulnerable module {{org.apache.commons.text.StringSubstitutor}}\r\n{panel}\r\nh3. \u00a0Issue Summary\r\n\r\nApache Common Text library should be upgraded to 1.10.0 or later to mitigate any exploiting attempts listed on\u00a0[CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889]\r\nh3. Steps to Reproduce\r\n\r\nCheck\u00a0*org.apache.commons*\u00a0->\u00a0*commons-text*\u00a0version on\u00a0*{{pom.xml}}*\r\nh3. Expected Results\r\n\r\napache-common-text 1.10.0+ is expected\r\nh3. Actual Results\r\n\r\napache-common-text 1.9 (or earlier) is used\r\nh3. Workaround\r\n\r\nCurrently, there is no known workaround for this behavior. A workaround will be added here when available", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-10T17:03:03", "type": "atlassian", "title": "Upgrade Apache Commons-text for CVE-2022-42889", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-14T06:52:04", "id": "CONFSERVER-81048", "href": "https://jira.atlassian.com/browse/CONFSERVER-81048", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T19:29:43", "description": "In BSERV-13534 commons-text usages were upgraded in the Bitbucket Webapp to mitigate against CVE-2022-42889 (although Bitbucket WebApp was actually unaffected). The bundled OpenSearch should also be updated to 1.3.7 when it is released. The release date is currently scheduled for 13-Dec-2022: https://opensearch.org/releases.html\r\n\r\nReferences:\r\n* https://github.com/opensearch-project/OpenSearch/issues/5126\r\n* https://github.com/opensearch-project/OpenSearch/issues/5094", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-06T23:56:26", "type": "atlassian", "title": "Upgrade OpenSearch to 1.3.7 to mitigate CVE-2022-42889", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-02-09T08:32:03", "id": "BSERV-13588", "href": "https://jira.atlassian.com/browse/BSERV-13588", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-08T11:03:45", "description": "h3. DISCLAIMER\r\n{panel:bgColor=#e3fcef}\r\n(!) *Crowd* {*}IS NOT VULNERABLE to [CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889]{*}.\r\n\r\nThis bug was created to track the change required to upgrade the Apache Commons Text library and can be used by customers to follow its progress and get notified on the next numbered release.\r\n\r\nCrowd does not use the vulnerable module {{org.apache.commons.text.StringSubstitutor}}\r\n{panel}\r\nh3. Issue Summary\r\n\r\nApache Common Text library should be upgraded to 1.10.0 or later to mitigate any exploiting attempts listed on\u00a0[CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889]\r\nh3. Steps to Reproduce\r\n\r\nCheck <install-directory>/crowd-webapp/WEB-INF/lib/ for commons-text-X.X.jar\r\nh3. Expected Results\r\n\r\napache-common-text 1.10.0+ is expected\r\nh3. Actual Results\r\n\r\ncommons-text-1.9.jar (or earlier) is used\r\nh3. Workaround\r\n\r\nCurrently there is no known workaround for this behavior. A workaround will be added here when available", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-17T16:05:18", "type": "atlassian", "title": "Upgrade Apache Commons-text for CVE-2022-42889", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-12-08T10:24:47", "id": "CWD-5892", "href": "https://jira.atlassian.com/browse/CWD-5892", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T19:29:50", "description": "h3. DISCLAIMER\r\n{panel:title=Bundled OpenSearch|borderStyle=solid|borderColor=#3c78b5|titleBGColor=#3c78b5|bgColor=#e7f4fa}\r\nThis issues only covers commons-text usages in the Bitbucket WebApp, not the bundled OpenSearch. To track the upgrade of OpenSearch to a version that contains an updated commons-text dependency please refer to BSERV-13588.\r\n{panel}\r\n{panel:bgColor=#e3fcef}\r\n(!) {*}No exploit through Bitbucket has been discovered, nor has a codepath where the vulnerable class is used been identified. However common-text should be updated as a precaution and to avoid Bitbucket being flagged by vulnerability scanners which will identify the vulnerable commons-text library{*}.\r\n\r\nThis bug was created to track the change required to upgrade the Apache Commons Text library and can be used by customers to follow its progress and get notified on the next numbered release.\r\n\r\nBitbucket DC does not use the vulnerable module {{org.apache.commons.text.StringSubstitutor}}\r\n\r\n*Apache commons-text is used by:*\r\n * {{com.atlassian.plugins:atlassian-nav-links-plugin}}\r\n * \r\n ** only _org.apache.commons.text.StringEscapeUtils_{panel}\r\nh3. Issue Summary\r\n\r\nApache Common Text library should be upgraded to 1.10.0 or later to mitigate any exploiting attempts listed on [CVE-2022-42889|https://vulners.com/cve/CVE-2022-42889]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-24T22:35:59", "type": "atlassian", "title": "Upgrade Apache Commons-text to mitigate CVE-2022-42889 (excludes bundled OpenSearch)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-10-13T02:56:59", "id": "BSERV-13534", "href": "https://jira.atlassian.com/browse/BSERV-13534", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2022-10-26T00:05:45", "description": "A new critical vulnerability CVE-2022-42889 (Text4Shell) in Apache Commons Text library was reported by [Alvaro Mu\u00f1oz](<https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/>).\n\nThe vulnerability, when exploited could result in remote code execution (RCE) applied to untrusted input due to insecure interpolation defaults. As a result, this CVE is rated at CVSS v3 score of 9.8.\n\nThe affected Apache Commons Text versions are 1.5 to 1.9 and it has been patched in version 1.10. When this article is published, this CVE is not expected to be highly widespread as compared to the Log4Shell and Spring4Shell-related CVEs. The fact is that the Apache Common Text package and the use of the specific function StringSubstitutor interpolator are not widely used in production environments, causing critical concerns from the security and technology communities.\n\n## How to Detect Text4Shell Vulnerability via Qualys Container Security\n\nQualys Container Security provides sensors to detect image vulnerabilities from build time to runtime.\n\nUse the Qualys Container Security sensors to detect CVE 2022-42889 with QID: 988179 in your container environments, so you can easily assess the vulnerability impacts of Text4Shell. \n\nTo see all the images impacted by these vulnerabilities, navigate to the Container Security application, go to **Assets **> **Images**, and search using the following QQL query:\n \n \n vulnerabilities.qid: `988179`\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/MicrosoftTeams-image-58-1070x579.png)\n\nSelect the image and navigate to the **Vulnerabilities **tab to view details of the vulnerability.\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/MicrosoftTeams-image-59-1070x537.png)\n\n## Patch the Images****\n\nPatch the detected vulnerable images as soon as possible, to mitigate potential attacks.\n\nQualys recommends using the latest [Qualys Container Security sensors](<https://www.qualys.com/docs/qualys-container-sensor-deployment-guide.pdf>) to scan for Text4Shell vulnerabilities. \n\n[Qualys Container Security](<https://www.qualys.com/apps/container-security/>) offers a comprehensive solution for detecting vulnerabilities, including Text4Shell, across the entire lifecycle of the container from build time to runtime.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-25T21:55:05", "type": "qualysblog", "title": "CVE-2022-42889: Detect Text4Shell via Qualys Container Security", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-25T21:55:05", "id": "QUALYSBLOG:0FD849F43C100CDD6B5098B03FFC4F63", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-28T00:05:52", "description": "On 2022-10-13, Apache Security Team disclosed a critical vulnerability with [CVE-2022-42889](<https://nvd.nist.gov/vuln/detail/CVE-2022-42889>) affecting the popular Apache Commons Text library. This vulnerability is popularly named \u201c**_Text4Shell_**\u201d which when exploited can allow an unauthenticated attacker to execute arbitrary code on the vulnerable asset. A CVSSv3 score of 9.8/10 is assigned to this vulnerability.\n\nApache Common Text versions 1.5 through 1.9 are impacted by this vulnerability and have been patched with Apache Commons Text version 1.10 and above.\n\n### About Apache Common Text\n\nApache Commons Text is a widely popular low-level library for performing various text operations, such as escaping, calculating string differences, and substituting placeholders in the text with values looked up through interpolators. When using the string substitution feature, some of the available interpolators can trigger network access or code execution. This is intended, but it also means an application that includes user input in the string passed to the substitution without properly sanitizing it would allow an attacker to trigger those interpolators.\n\n### Potential Impact of _Text4Shell_ Vulnerability\n\nSuccessful exploitation of this vulnerability allows an unauthenticated attacker to execute arbitrary code on the vulnerable asset. PoC exploits for this vulnerability are already available in the public domain.\n\n#### Qualys QID Coverage\n\nQualys is releasing the QIDs in the table below as they become available, starting with vulnsigs version **_VULNSIGS-2_5_617 _**and in Linux Cloud Agent manifest version **_LX_MANIFEST-2.5.617.2-1_**\n\nQID| Title| Supported On \n---|---|--- \nQID 377639 | Apache Commons Arbitrary Code Execution (ACE) Vulnerability (Text4Shell) (CVE-2022-42889) | Scanner + Agent + CS Sensor \nQID 988179 | Java (Maven) Security Update for org.apache.commons:commons-text (GHSA-599f-7c49-w659) | CS Sensor \nQID 377701 | Apache Commons Arbitrary Code Execution (ACE) Vulnerability (Text4Shell) (CVE-2022-42889) Scan Utility | Scanner + Agent \n \nPlease check Qualys Vulnerability Knowledgebase for the full list of coverage for **_Text4Shell_** vulnerability.\n\n* * *\n\nThe following guides Qualys customers on how to detect, track and report on _**Text4Shell**_ in their environment.\n\n## Discover Vulnerable Assets Using [Qualys CyberSecurity Asset Management](<https://www.qualys.com/apps/cybersecurity-asset-management/>) (CSAM)\n\n**Identify Assets with Apache Commons Text or Apache Maven Installed**\n\nThe first step in managing this critical vulnerability and reducing risk is the identification of all assets with Apache Common Text. [Qualys CyberSecurity Asset Management](<https://www.qualys.com/apps/cybersecurity-asset-management/>) (CSAM) makes it easy to identify such assets.\n \n \n software:(name:Apache Commons) or software:(name:Apache Maven)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-27_15-08-35-1070x488.png)**_CSAM - Assets Tab View_**\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-27_15-11-46-1070x488.png)**_CSAM - Software Tab View_**\n\n**Note: **Make sure you have selected Applications, Unknown, and All Other in the "Type\u201d filter.\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-27_14-00-35-1.png)**_CSAM - Software Tab - Type Filter_**\n\n* * *\n\n## Tagging Vulnerable Assets Using [Qualys CyberSecurity Asset Management](<https://www.qualys.com/apps/cybersecurity-asset-management/>) (CSAM) \n\nOnce the hosts are identified, they can be grouped together with a \u2018dynamic tag\u2019; let\u2019s say: \u201cApache Common Text Assets\u201d. This helps by automatically grouping existing hosts with the above vulnerabilities as well as any new assets that spin up in your environment. **_Tagging makes these grouped assets available for querying, reporting, and management throughout the [Qualys Cloud Platform](<https://www.qualys.com/cloud-platform/>)_** **_applications._**\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/text4shell_post_screenshot-3.png)\n\n* * *\n\n## Discover Vulnerable Assets Using [Qualys Vulnerability Management Detection and Response](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) (VMDR)\n\nQualys provides coverage and visibility for **_Text4Shell_** by enabling organizations to quickly respond, prioritize and reduce the risk from these vulnerabilities. \n\nUsing [Qualys Vulnerability Management Detection and Response](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) (VMDR) with TruRisk the Qualys Query Language (QQL) lets you easily search and prioritize all your assets that are vulnerable to **_Text4Shell_**. \n\nUse this QQL statement: \n \n \n vulnerabilities.vulnerability.cveIDs:`CVE-2022-42889`\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/text4shell_post_screenshot-4.png)\n\n### Prioritize _Text4Shell_ easily with Qualys VMDR TruRisk Mode! \n\nQualys TruRisk VMDR Prioritization makes it easy to prioritize all your **_Text4Shell_** vulnerabilities and other vulns on the same assets which increases the TruRisk of the asset. To do so, apply the tag which has the inventory of assets with exposure to Apache Commons and enable/toggle Qualys TruRisk Mode then select prioritize. \n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-27_15-42-48-2.png)\n\n#### Leveraging Qualys\u2019 Software Composition Analysis (SCA) Capabilities for Container Security\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/08/qualys-shield.jpg) Qualys Blog | [CVE-2022-42889: Detect Text4Shell via Qualys Container Security](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/25/cve-2022-44889-detect-text4shell>)\n\nOpen-source libraries and packages are notoriously difficult to inventory and report on leaving a large hole in an organization's security posture and open to risk due to the use of OSS packages in their organization.\n\nWith Qualys' Software Composition Analysis capabilities for Container Security, you will gain insight into vulnerabilities in your container images, not just for the OS and third-party vulnerabilities but also for any open-source software libraries and packages used by your custom applications.\n\nQualys Container Security customers can leverage Qualys QID: 988179 specifically built on the SCA capability to identify vulnerable **_Text4Shell_** images.\n\nTo see all the images impacted by these vulnerabilities, navigate to the Container Security application, go to Assets > Images, and search using the following QQL query:\n \n \n vulnerabilities.qid: `988179`\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-27_15-52-11-1-1070x579.png)\n\nSelect the image and navigate to the Vulnerabilities tab to view details of the vulnerability.\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/MicrosoftTeams-image-59.png)\n\n* * *\n\n## Windows Out-of-Band Detection for _Text4Shell_\n\nTo help our customers, the Qualys team has created an out-of-band [utility](<https://github.com/Qualys/text4scanwin>) for Windows which performs a \u201cdeep\u201d file scan to find all instances of vulnerable Apache Commons Text libraries. \n\n**The benefit of such a tool** is that it should find all vulnerable instances regardless of the Java application coding, packaging, and deployment method used as it will scan the entire hard drive(s) including archives (and nested JARs) for the Java libraries, the utility will output its results to a console and to `\"%ProgramData%\\Qualys\\Text4Scan\\findings.out\".%`\n\n**The disadvantage** is that this tool performs a \u201cdeep\u201d search on the entire hard drive, including archives, which is a time-consuming and CPU-consuming task. **_As such, we recommend running this tool \u201cout-of-band\u201d. _**\n\nQID 377701: Apache Commons Arbitrary Code Execution (ACE) Vulnerability (Text4Shell) (CVE-2022-42889) Scan Utility will be flagged based on the output of the utility ("%ProgramData%\\Qualys\\Text4Scan\\findings.out".%).\n\n* * *\n\n## Execute the Detection Utility with [Qualys Custom Assessment and Remediation](<https://tinyl.io/79UY>) (CAR)\n\nTime is a critical factor in such zero-day situations. Any delays in detection and remediation leave organizations vulnerable to security risks. [Qualys Custom Assessment and Remediation](<https://tinyl.io/79UY>) (CAR) allows security practitioners to quickly create and execute custom scripts to collect data and initiate response actions on endpoints. This can reduce the organization\u2019s mean time to remediation (MTTR) to zero-day attacks and other threats by 50% or more.\n\nQualys CAR customers can execute the Out-of-Band Detection [utility](<https://github.com/Qualys/text4scanwin>) for **_Text4Shell_** on required assets/asset tags.\n\nThe PowerShell script to execute this utility can be found under [Script Library on GitHub - CVE-2022-42889 (Text4Shell)](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Zero%20Day/CVE-2022-42889\$Text4shell\$>)\n\n**IMPORTANT: **Scripts tend to change over time. **_Please refer to the Qualys GitHub Zero Day [link](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Zero%20Day>) to ensure the most current version of a given _**[_**CVE-2022-42889(Text4shell)**_](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Zero%20Day/CVE-2022-42889\$Text4shell\$>)**_ is in use._**\n\nPlease refer to the script output in Qualys CAR:\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/MicrosoftTeams-image-64-1070x1052.png)\n\n* * *\n\n## Gain exposure visibility and remediation tracking with **\u201c_Text4Shell_\u201d **Unified Dashboard\n\nWith the Qualys Unified Dashboard, you can track the vulnerability exposure within your organization and view your impacted hosts, their status, distribution across environments, and overall management in real-time, allowing you to see your mean time to remediation (MTTR). \n\n[View and download the "](<https://success.qualys.com/support/s/article/Dashboard-Toolbox-Unified-Dashboard-TEXT4SHELL>)[**_Text4Shell_**\u201d ](<https://success.qualys.com/support/s/article/Dashboard-Toolbox-Unified-Dashboard-TEXT4SHELL>)[dashboard](<https://success.qualys.com/support/s/article/Dashboard-Toolbox-Unified-Dashboard-TEXT4SHELL>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/text4shell_post_screenshot-9.png)\n\n* * *\n\n##### Contributors:\n\n * Felix Jimenez, Director, Product Management, Qualys\u202c\n * Himanshu Kathpal, Director, Product Management, Qualys\n * Saeed Abbasi, Manager, Vulnerability Signatures, Qualys\n * Pablo Quiroga, Director of Product Management, Qualys\n * Mohd. Anas Khan, Compliance Research Analyst, Qualys\u202c\n * Mukesh Choudhary, Compliance Research Analyst, Qualys\n * Lavish Jhamb, Solution Architect, Compliance Solutions, Qualys", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-27T17:59:44", "type": "qualysblog", "title": "Text4Shell: Detect, Prioritize and Remediate The Risk Across On-premise, Cloud, Container Environment Using Qualys Platform", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-42889", "CVE-2022-44889"], "modified": "2022-10-27T17:59:44", "id": "QUALYSBLOG:9B8CC75487EDC5E128C015F414259508", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-18T21:29:20", "description": "This Oracle Critical Patch Update contains a group of patches for multiple security vulnerabilities that address 327 new security patches. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. We urge customers to apply these time-sensitive Oracle Critical Patch Updates.\n\nDuring Q1 2023 Oracle Critical Patch Update, the Oracle Communications product suite recorded the highest number of patches at 79, constituting 24% of the total patches released. The Oracle Fusion Middleware and Oracle Communications Applications product lines followed, with 50 and 39 patches, respectively, representing 15% and 12% of the total patches issued. Also, Oracle MySQL receives 37 new security updates.\n\nThe 252 of the 327 or about 77% of security patches about 77% are for non-Oracle CVEs, which are security fixes for issues in third-party products (e.g., open-source components) that are included and exploitable in the context of their Oracle product distributions.\n\nOracle has released its first quarterly update of 2023, addressing 327 new security patches across 29 product families. These product families are included:\n\nOracle Database Server, Oracle Essbase, Oracle GoldenGate, Oracle TimesTen In-Memory Database, Oracle Commerce, Oracle Communications Applications, Oracle Communications, Oracle Construction and Engineering, Oracle PeopleSoft, Oracle Retail Applications, Oracle Siebel CRM, Oracle Supply Chain, Oracle Support Tools, Oracle Systems, Oracle Utilities Applications, Oracle Virtualization, Oracle Health Sciences Applications, Oracle HealthCare Applications, Oracle Hospitality Applications, Oracle Hyperion, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, Oracle Food and Beverage Applications, Oracle Fusion Middleware, Oracle Insurance Applications, Oracle Java SE, Oracle JD Edwards, Oracle MySQL.\n\n* * *\n\n## Qualys QID Coverage \n\nQualys has released eleven (11) QIDs, starting with IP scanning version **VULNSIGS-2.5.678-3/VULNSIGS-2.5.680-2** and Linux Cloud Agent manifest version **lx_manifest-2.5.678.3-2**/**lx_manifest-2.5.680.2-1**. Should additional QIDs be released, they will be added to the table below as they become available:\n\nQID| Title \n---|--- \n87530 | Oracle WebLogic Server Multiple Vulnerabilities (CPUJAN2023) \n20318 | Oracle Database 19c Critical Patch Update - January 2023 \n20317| Oracle Database 21c Critical Patch Update - January 2023 \n20316| Oracle MySQL January 2023 Critical Patch Update (CPUJAN2023) \n377904| Oracle Java Standard Edition (SE) Critical Patch Update - January 2023 (CPUJAN2023) \n20319| Oracle Database 19c Critical OJVM Patch Update - January 2023 \n296093| Oracle Solaris 11.4 Support Repository Update (SRU) 53.132.2 Missing (CPUJAN2023) \n377907| Oracle VM VirtualBox Linux Multiple Vulnerabilities (CPUJAN2023) \n377908| Oracle Coherence January 2023 Critical Patch Update (CPUJAN2023) \n377910| Oracle MySQL Connectors 8.0.x Denial of Service (DoS) Vulnerability (CPUJAN2023) \n377911| Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUJAN2023) \n \nCustomers can scan their network with QIDs **377911, 377910, 377908, 377907, 377904, 87530, 296093, 20319, 20318, 20317, and 20316** to detect vulnerable assets.\n\n## Notable Oracle Vulnerabilities Patched \n\n### Oracle Database Server\n\nThe Critical Patch Update for Oracle Database Products contains 9 new security patches. One of these vulnerabilities may be remotely exploitable without authentication.\n\nThe vulnerability identified as CVE-2023-21893 with CVSS v3.1 7.5 in the Oracle Data Provider for .NET for Oracle Database Server may be remotely exploitable without authentication. The attacker with network access via TCPS to compromise Oracle Data Provider for .NET can exploit this vulnerability over a network without requiring user credentials. \n\nThis is a challenging vulnerability to exploit, and successful attacks require human interaction from someone other than the attacker. Thriving attacks of this vulnerability can result in the takeover of Oracle Data Provider for .NET. The Oracle Database Server components and versions affected by the vulnerability Oracle Database Server, versions 19c, 21c. This applies to Database client-only on the Windows platform.\n\n### Oracle Essbase\n\nThe Critical Patch Update for Oracle Essbase Products contains 2 new security patches. One of these vulnerabilities may be remotely exploitable without authentication.\n\nThe critical vulnerability identified as CVE-2022-2274 with CVSS v3.1 9.8 in the Essbase Web Platform (OpenSSL) component for Oracle Essbase can be easily exploitable remotely without authentication. This means the attackers with network access via HTTPS to compromise Oracle Essbase can exploit this vulnerability over a network without requiring user credentials. Successful attacks of this vulnerability can result in a takeover of Oracle Essbase. The Oracle Essbase products and versions affected by the vulnerability are Oracle Essbase, version 21.4.\n\n### Oracle Commerce\n\nThe Critical Patch Update for Oracle Commerce contains 2 new security patches. Both these vulnerabilities may be remotely exploitable without authentication. \n\nThe critical vulnerability recognized as CVE-2022-22965 with CVSS v3.1 9.8 in the Oracle Commerce Guided Search of Oracle Commerce can be easily exploited and allows unauthenticated attackers with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in Oracle Commerce Guided Search takeover. The Oracle Commerce products and versions affected by the vulnerability are Oracle Commerce Guided Search, version 11.3.2\n\n### Oracle Communications Applications\n\nThe Critical Patch Update for Oracle Communications Applications contains 39 new security patches, and 31 of these vulnerabilities may be remotely exploitable without authentication. The highest CVSS v3.1 Base Score of these vulnerabilities concerning Oracle Communications Applications is 9.8.\n\nThe Oracle Communications Applications products and versions affected by vulnerabilities that are addressed in Q1 Oracle Critical Patch Update are:\n\n * Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.7.0\n * Oracle Communications BRM - Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0\n * Oracle Communications Calendar Server, version 8.0.0.6.0\n * Oracle Communications Contacts Server, version 8.0.0.7.0\n * Oracle Communications Convergence, version 3.0.3.1.0\n * Oracle Communications Design Studio, version 7.4.2\n * Oracle Communications Elastic Charging Engine, versions 12.0.0.3.0-12.0.0.7.0\n * Oracle Communications Instant Messaging Server, version 10.0.1.6.0\n * Oracle Communications Messaging Server, version 8.1.0.20.0\n * Oracle Communications MetaSolv Solution, version 6.3.1\n * Oracle Communications Order and Service Management, version 7.4.0\n * Oracle Communications Pricing Design Center, versions 12.0.0.5.0-12.0.0.7.0\n * Oracle Communications Unified Assurance, versions 5.5.0-5.5.9, 6.0.0-6.0.1\n * Oracle Communications Unified Inventory Management, versions 7.4.0-7.4.2, 7.5.0\n\n### Oracle Communications\n\nThe Critical Patch Update for Oracle Communications contains 80 new security patches for Oracle Communications. Out of that, 64 of these vulnerabilities may be remotely exploitable without authentication. \n\nThe CVE-2022-43403 is a vulnerability in Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications. This has the highest CVSS v3.1 Base Score of 9.9 in this group, and it allows low-privileged attackers with network access via HTTP to easily compromise Oracle Communications Cloud Native Core Unified Data Repository. Since the scope has been changed in this security bug, attacks may significantly impact additional products. Thriving attacks of this security flaw can result in a takeover of Oracle Communications Cloud Native Core Unified Data Repository.\n\nThe Oracle Communications products and versions affected by vulnerabilities that are addressed in Q1 2023 Critical Patch Update are:\n\n * Management Cloud Engine, version 22.1.0.0.0\n * Oracle Communications Cloud Native Core Automated Test Suite, versions 22.2.2, 22.3.1, 22.4.0\n * Oracle Communications Cloud Native Core Binding Support Function, versions 22.1.0, 22.1.1, 22.2.0, 22.2.1, 22.2.2, 22.2.4, 22.3.0-22.4.0\n * Oracle Communications Cloud Native Core Console, versions 22.3.0, 22.4.0\n * Oracle Communications Cloud Native Core Network Data Analytics Function, version 22.0.0.0.0\n * Oracle Communications Cloud Native Core Network Exposure Function, versions 22.3.1, 22.4.0\n * Oracle Communications Cloud Native Core Network Function Cloud Native Environment, version 22.3.0\n * Oracle Communications Cloud Native Core Network Repository Function, versions 22.3.0, 22.3.2\n * Oracle Communications Cloud Native Core Network Slice Selection Function, versions 22.3.1, 22.4.1\n * Oracle Communications Cloud Native Core Policy, versions 1.11.0, 22.3.0, 22.4.0\n * Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 22.3.1, 22.4.0\n * Oracle Communications Cloud Native Core Unified Data Repository, versions 22.2.2, 22.2.3, 22.3.3, 22.3.4, 22.4.0\n * Oracle Communications Converged Application Server, versions 7.1.0, 8.0.0\n * Oracle Communications Diameter Intelligence Hub, version 8.2.3.0\n * Oracle Communications Diameter Signaling Router, version 8.6.0.0\n * Oracle Communications Performance Intelligence Center (PIC) Software, version 10.4.0.4.1\n\n### Oracle Construction and Engineering\n\nThe Critical Patch Update for Oracle Construction and Engineering contains 7 new security patches which 4 of these vulnerabilities may be remotely exploitable without authentication. \n\nThe CVE-2022-42889, which has the highest CVSS v3.1 Base Score of 9.8 in this pack, allows unauthenticated attackers with network access via HTTP to compromise Primavera Gateway to easily exploited this vulnerability.\n\nThe Oracle Construction and Engineering products and versions affected by the vulnerability are Primavera Gateway, versions 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10, 21.12.0-21.12.8 and Primavera Unifier, versions 18.8, 19.12, 20.12, 21.12, 22.12.\n\n### Oracle E-Business Suite \n\nThis Critical Patch Update contains 12 new security patches for Oracle E-Business Suite. Ten of these vulnerabilities may be remotely exploitable without authentication.\n\nThe CVE-2023-21849 is a vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite. This has the highest CVSS v3.1 Base Score of 7.5 in this group, allowing unauthenticated attackers with network access via HTTP to easily compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data.\n\nThe Oracle E-Business Suite products and versions affected by vulnerabilities are Oracle E-Business Suite, versions 12.2.3-12.2.12.\n\n### Oracle Enterprise Manager\n\nThe Critical Patch Update contains three new security patches for Oracle E-Business Suite. Two of these vulnerabilities may be remotely exploitable without authentication.\n\nThe CVE-2022-42889 is a vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager. This has the highest CVSS v3.1 Base Score of 9.8 in this group, and it allows unauthenticated attackers with network access via HTTP to easily compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in a takeover of the Enterprise Manager Base Platform.\n\nThe Oracle Enterprise Manager products and versions affected by vulnerabilities are Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 and Enterprise Manager Ops Center, version 12.4.0.0.\n\n### Oracle Financial Services Applications\n\nThese Critical Patch Update for Oracle Financial Services Applications contains 12 new security patches. Eight of these vulnerabilities may be remotely exploitable without authentication.\n\nThe highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Financial Services Applications is 9.8.\n\nThe Oracle Financial Services Applications products and versions affected by vulnerabilities are Oracle Banking Enterprise Default Management, versions 2.6.2, 2.7.1, 2.12.0, Oracle Banking Loans Servicing, versions 2.8.0, 2.12.0, Oracle Banking Party Management, version 2.7.0, Oracle Banking Platform, versions 2.6.2, 2.7.1, 2.12.0, Oracle Financial Services Crime and Compliance Management Studio, version 8.0.8.3.1.\n\n### Oracle Food and Beverage Applications\n\nThese Critical Patch Update for Oracle Food and Beverage Applications contains seven new security patches. Two of these vulnerabilities may be remotely exploitable without authentication. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Food and Beverage Applications is 8.3.\n\nThe Oracle Food and Beverage Applications products and versions affected by vulnerabilities are Oracle Hospitality Gift and Loyalty, version 9.1.0, Oracle Hospitality Labor Management, version 9.1.0, Oracle Hospitality Reporting and Analytics, version 9.1.0, Oracle Hospitality Simphony, versions 18.2.11, 19.3.4.\n\n### Oracle Fusion Middleware\n\nThe Critical Patch Update for Oracle Fusion Middleware contains 50 new security patches. Forty of these vulnerabilities may be remotely exploitable without authentication. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Fusion Middleware is 9.8.\n\nThe Oracle Fusion Middleware products and versions affected by vulnerabilities are:\n\n * Oracle Access Manager, version 12.2.1.4.0\n * Oracle BI Publisher, versions 5.9.0.0.0, 6.4.0.0.0, 12.2.1.4.0\n * Oracle Business Intelligence Enterprise Edition, versions 5.9.0.0.0, 6.4.0.0.0\n * Oracle Coherence, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0\n * Oracle Fusion Middleware MapViewer, version 12.2.1.4.0\n * Oracle Global Lifecycle Management NextGen OUI Framework, versions prior to 13.9.4.2.11\n * Oracle HTTP Server, version 12.2.1.4.0\n * Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0\n * Oracle Outside In Technology, version 8.5.6\n * Oracle Web Services Manager, version 12.2.1.4.0\n * Oracle WebCenter Content, version 12.2.1.4.0\n * Oracle WebCenter Sites, version 12.2.1.4.0\n * Oracle WebLogic Server, versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0\n\n### Oracle MySQL\n\nThe Critical Patch Update contains 37 new security patches for Oracle MySQL. Seven of these vulnerabilities may be remotely exploitable without authentication. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8.\n\nThe Oracle MySQL products and versions affected by vulnerabilities are:\n\n * MySQL Cluster, versions 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior, 8.0.31 and prior\n * MySQL Connectors, versions 8.0.31 and prior\n * MySQL Enterprise Monitor, versions 8.0.32 and prior\n * MySQL Server, versions 5.7.40 and prior, 8.0.31 and prior\n * MySQL Shell, versions 8.0.31 and prior\n * MySQL Workbench, versions 8.0.31 and prior\n\n* * *\n\nThe rest of the Oracle products, with their number of new security updates along with their highest CVSS v3.1 scores, are as follows:\n\n * Oracle PeopleSoft: 12 new security patches and the highest CVSS v3.1 Base Score of 9.8\n * Oracle Supply Chain: 8 new security patches and the highest CVSS v3.1 Base Score of 7.8\n * Oracle Utilities Applications: 7 new security patches and the highest CVSS v3.1 Base Score of 9.8\n * Oracle Support Tools: 6 new security patches and the highest CVSS v3.1 Base Score of 9.8\n * Oracle Virtualization: 6 new security patches and the highest CVSS v3.1 Base Score of 8.1\n * Oracle HealthCare Applications: 4 new security patches and the highest CVSS v3.1 Base Score of 9.8\n * Oracle Java SE: 4 new security patches and the highest CVSS v3.1 Base Score of 8.1\n * Oracle Health Sciences Applications: 2 new security patches and the highest CVSS v3.1 Base Score of 9.8\n * Oracle Hyperion: 2 new security patches and the highest CVSS v3.1 Base Score of 9.8\n * Oracle JD Edwards: 2 new security patches and the highest CVSS v3.1 Base Score of 9.8\n * Oracle Siebel CRM: 2 new security patches and the highest CVSS v3.1 Base Score of 9.8\n * Oracle Hospitality Applications: 1 new security patch and the highest CVSS v3.1 Base Score of 8.8\n * Oracle Insurance Applications: 1 new security patch and the highest CVSS v3.1 Base Score of 6.5\n * Oracle Retail: 1 new security patch and the highest CVSS v3.1 Base Score of 7.5\n * Oracle Systems: 1 new security patch and the highest CVSS v3.1 Base Score of 9.8\n\n* * *\n\n**Note that later today we will update this blog with our QID coverage, Discover and Prioritize Vulnerabilities in [Vulnerability Management, Detection & Response](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) (VMDR) and Rapid Response with [Patch Management](<https://www.qualys.com/apps/patch-management/>) (PM) content. **\n\n## Conclusion\n\nWe at Qualys and Oracle instruct customers to stay on actively supported versions and apply all security patches promptly.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-01-18T00:43:03", "type": "qualysblog", "title": "The January 2023 Oracle Critical Patch Update", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2274", "CVE-2022-22965", "CVE-2022-42889", "CVE-2022-43403", "CVE-2023-21849", "CVE-2023-21893"], "modified": "2023-01-18T00:43:03", "id": "QUALYSBLOG:3F273F13C86516B494271DB7BE04A954", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-27T00:08:39", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 65 new vulnerabilities (aka flaws) in the November 2022 update, including ten (10) vulnerabilities classified as **_[Critical](<https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system>)_** as they allow Denial of Service (DoS), Elevation of Privilege (EoP), and Remote Code Execution (RCE). This month's Patch Tuesday included a Microsoft Defense in Depth Update ([ADV220003](<https://msrc.microsoft.com/update-guide/vulnerability/ADV220003>)) and addressed six (6) known exploited zero-day vulnerabilities. Earlier this month, on November 2, 2022, Microsoft also released two (2) advisories for OpenSSL 3.x for Azure SDK for C++, C++ Library Manager for Windows (vcpkg), and Microsoft Azure Kubernetes Service ([CVE-2022-3602](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3602>), [CVE-2022-3786](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3786>)). \n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution(RCE), Security Feature Bypass, and Spoofing.\n\n## **The November 2022 Microsoft Vulnerabilities are Classified as Follows:**\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/2022-11-08_MSFT-IMPACT-SEV-4.png)In total, Microsoft addressed 68 vulnerabilities: \n65 New CVEs on November 8th, two (2) CVEs on November 2nd, \nand one (1) [ADV220003](<https://msrc.microsoft.com/update-guide/vulnerability/ADV220003>).\n\n * [Microsoft Exploitability Index](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>)\n * [Microsoft Security Update Severity Rating System](<https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system>)\n\n* * *\n\n# OpenSSL 3.x **Critical Vulnerability** Highlights\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/OpenSSL-Quote.png)_[OpenSSL Vulnerability Recap](<https://blog.qualys.com/vulnerabilities-threat-research/2022/11/03/openssl-vulnerability-recap>) - [Travis Smith](<https://blog.qualys.com/author/tsmith>) VP, Malware Threat Research, Qualys_\n\n## **[CVE-2022-3602](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3602>), [CVE-2022-3786](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3786>) | OpenSSL: X.509 Certificate Verification Buffer Overrun**\n\nThe vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and is known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>) for more information.\n\n * For more information and guidance see [Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)](<https://msrc-blog.microsoft.com/2022/11/02/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/>).\n * Products Affected: [Azure SDK for C++, C++ Library Manager for Windows (vcpkg)](<https://devblogs.microsoft.com/cppblog/fix-for-high-risk-openssl-security-vulnerabilities-announced-guidance-for-vcpkg-users/>), and [Microsoft Azure Kubernetes Service](<https://github.com/Azure/AKS/issues/3299>)\n\n* * *\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/OpenSSL-Webinar.png)\n\n[**OpenSSL 3.0.7 - What You Need to Know**](<https://gateway.on24.com/wcc/eh/3347108/lp/4012938/openssl-307-what-you-need-to-know>) | [QUALYS ON-DEMAND WEBINAR](<https://gateway.on24.com/wcc/eh/3347108/category/82812/on-demand-webinars>)\n\nWatch Now\n\n#### OpenSSL 3.x Related Blogs and Resources\n\n * [Qualys Research Alert: OpenSSL 3.0.7 \u2013 What You Need To Know](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/31/qualys-research-alert-prepare-for-a-critical-vulnerability-in-openssl-3-0>)\n * [OpenSSL Vulnerability Recap](<https://blog.qualys.com/vulnerabilities-threat-research/2022/11/03/openssl-vulnerability-recap>)\n * [Web Application Scanning - Open SSL Vulnerability](<https://vimeo.com/767696975>)\n * [CyberSecurity Asset Management (CSAM) OpenSSL Visibility](<https://on24static.akamaized.net/event/40/12/93/8/rt/1/documents/resourceList1667463573850/cybersecrityassetmanagementopensslstats1667463572081.pdf>)\n * [Are your applications vulnerable to the OpenSSL 3.x vulnerability?](<https://www.qualys.com/forms/openssl-3-vulnerability/>)\n\n* * *\n\n# Microsoft Addressed Six (6) **Zero-Day Vulnerabilities**\n\nA vulnerability is classified as a **_zero-day_** if it is publicly disclosed or actively exploited with no official fix available.\n\n### Microsoft Exchange _ProxyNotShell_ Zero-Day Fixed (CVE-2022-41040, CVE-2022-41082)\n\n**_IMPORTANT: Qualys has updated QID 50122 - Microsoft Exchange Server Multiple Vulnerabilities (ProxyNotShell)._**_ _\n\n* * *\n\n**A rescan will be required to update existing detections** with the updated Title, Threat, Solution, CVSSv2 Temporal Score, CVSSv3.1 Temporal Score, and multiple RTI updates including, but not limited to the addition of Exploit_Public, Unauthenticated_Exploitation, and Privilege_Escalation.\n\n* * *\n\nWhile [CVE-2022-41040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040>) and [CVE-2022-41082](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082>) are not considered "new" advisories, per se, Microsoft has chosen to include them in their November 2022 Patch Tuesday release. The [**_ProxyNotShell_**](<https://tinyl.io/7JTp>) ([CVE-2022-41040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040>), [CVE-2022-41082](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082>)) advisories have been updated by Microsoft indicating that patches are now available along with this month\u2019s Security Updates. \n\n * [Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 8, 2022 (KB5019758)](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-november-8-2022-kb5019758-2b3b039b-68b9-4f35-9064-6b286f495b1d>)\n * [Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server](<https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/>)\n * Potential Impact [HIGH](<https://www.first.org/cvss/>) for Confidentiality, Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Detected**_\n\n* * *\n\n## [CVE-2022-41128](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128>)** | **Windows Scripting Languages Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8 / 10.\n\nThis vulnerability affects the JScript9 scripting language, which is part of the component _Scripting Language_. Successful exploitation requires user interaction by the victim. The attack may be initiated remotely.\n\nThis vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.\n\n * Potential Impact [HIGH](<https://www.first.org/cvss/>) for Confidentiality, Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n * Extended Security Updates [(ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>) Vulnerability\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Detected**_\n\n* * *\n\n## [CVE-2022-41073](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41073>)** | **Windows Print Spooler Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8 / 10.\n\n_The following content was corrected on 2022-11-26: _ Microsoft has not disclosed the technical details of this vulnerability in their [advisory](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41073>), stating only that an attacker who successfully exploited this Elevation of Privilege vulnerability could gain SYSTEM privileges. The advisory provides download links to address the flaw in 60 products.\n\n * Potential Impact [HIGH](<https://www.first.org/cvss/>) for Confidentiality, Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n * Extended Security Updates [(ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>) Vulnerability\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Detected**_\n\n* * *\n\n## [CVE-2022-41125](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41125>)** | **Windows CNG Key Isolation Service Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8 / 10.\n\nAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n\n * Windows Next-generation Cryptography (CNG)\n * Potential Impact [HIGH](<https://www.first.org/cvss/>) for Confidentiality, Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Detected**_\n\n* * *\n\n## [CVE-2022-41091](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41091>)** | **Windows Mark of the Web Security Feature Bypass Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 5.4 / 10.\n\n_The following content was corrected on 2022-11-26: _ An attacker can craft a malicious file that would evade [Mark of the Web](<https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web>) (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.\n\n * In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.\n * In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.\n * Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.\n\nIn all cases, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.\n\nPlease see [Additional information about Mark of the Web](<https://learn.microsoft.com/en-us/deployoffice/security/internet-macros-blocked#additional-information-about-mark-of-the-web>) for further clarification.\n\n * Potential Impact [LOW](<https://www.first.org/cvss/>) for Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Detected**_\n\n* * *\n\n# **Microsoft Patch Tuesday Critical Vulnerability Highlights**\n\n## [CVE-2022-41080](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080>)** | Microsoft Exchange Server Elevation of Privilege (EoP) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.8 / 10.\n\nThe technical details are unknown, and an exploit is not publicly available. Applying a patch can eliminate this problem. Customers are advised to update their Exchange Server systems immediately, regardless of whether any previously recommended mitigation steps have been applied. The mitigation rules are no longer recommended once systems have been patched.\n\n * Potential Impact [HIGH](<https://www.first.org/cvss/>) for Confidentiality, Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n## [CVE-2022-37966](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966>)** | **Windows Kerberos RC4-HMAC Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1 / 10.\n\nMicrosoft Released: Nov 8, 2022; Microsoft Last updated: Nov 17, 2022\n\nQualys blog updated Nov 26, 2022:\n\n**There is a known issue documented in the security updates that address this vulnerability, where Kerberos authentication might fail for user, computer, service, and GMSA accounts when serviced by Windows domain controllers that have installed Windows security updates released on November 8, 2022. Has an update been released that addresses this known issue?**\n\nYes. The issue is addressed by out-of-band updates released to [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Home.aspx>) on and after November 17, 2022. Customers who have not already installed the security updates released on November 8, 2022, should install the out-of-band updates instead. Customers who have already installed the November 8, 2022, Windows security updates and who are experiencing issues should install the out-of-band updates.\n\nFor more information about these updates, please see the OS version-specific info on [Windows release health](<http://aka.ms/wrh>) at the following links:\n\n * <https://learn.microsoft.com/en/windows/release-health/status-windows-11-22h2#2953msgdesc>\n * <https://learn.microsoft.com/en/windows/release-health/status-windows-11-21h2#2953msgdesc>\n * <https://learn.microsoft.com/en/windows/release-health/status-windows-server-2022#2953msgdesc>\n * <https://learn.microsoft.com/en/windows/release-health/status-windows-10-22h2#2953msgdesc>\n * <https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h2#2953msgdesc>\n * [https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h1#2953msgdesc](<https://learn.microsoft.com/en/windows/release-health/status-windows-10-21h1#2953msgdesc%5D>)\n * [https://learn.microsoft.com/en/windows/release-health/status-windows-10-20h2#2953msgdesc](<https://msrc.microsoft.com/update-guide/vulnerability/%5Bhttps://learn.microsoft.com/en/windows/release-health/status-windows-10-20h2#2953msgdesc>)\n * <https://learn.microsoft.com/en/windows/release-health/status-windows-10-1809-and-windows-server-2019#2953msgdesc>\n\nFor more information please see the **Known Issues** section of [How to manage the Kerberos Protocol changes related to CVE-2022-37966](<https://support.microsoft.com/help/5021131>).\n\nSuccessful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An attacker who successfully exploited this vulnerability could gain administrator privileges. An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment.\n\n * For more information, please see [How to manage the Kerberos Protocol changes related to CVE-2022-37966](<https://support.microsoft.com/help/5021131>).\n * Potential Impact [HIGH](<https://www.first.org/cvss/>) for Confidentiality, Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n * Extended Security Updates [(ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>) Vulnerability\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n## [CVE-2022-41044](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41044>)** | **Windows Point-to-Point Tunneling Protocol Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1 / 10.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.\n\n * Potential Impact [HIGH](<https://www.first.org/cvss/>) for Confidentiality, Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n * Extended Security Updates [(ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>) Vulnerability\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n## [CVE-2022-41088](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41088>)** | **Windows Point-to-Point Tunneling Protocol Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1 / 10.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.\n\n * Potential Impact [HIGH](<https://www.first.org/cvss/>) for Confidentiality, Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n * Extended Security Updates [(ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>) Vulnerability\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n## [CVE-2022-41118](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41118>)** | **Windows Scripting Languages Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5 / 10.\n\nThis vulnerability impacts both the JScript9 and Chakra scripting languages, which are both parts of the component _Scripting Language_. Successful exploitation requires user interaction by the victim. The attack may be initiated remotely.\n\nThis vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.\n\n * Potential Impact [HIGH](<https://www.first.org/cvss/>) for Confidentiality, Integrity, and Availability. \n * A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.\n * Extended Security Updates [(ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>) Vulnerability\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n# **Microsoft Release Summary**\n\nThis month\u2019s [Release Notes](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Nov>) cover multiple Microsoft product families, including Azure, Developer Tools, Extended Security Updates [(ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Microsoft Dynamics, Microsoft Office, Open Source Software, and Windows.\n\nA total of 39 unique Microsoft products, features, and roles, including but not limited to Azure CLI, Microsoft Exchange Server Cumulative Update, Windows Endpoint, Windows Server, and Windows Server 2022 Datacenter: Azure Edition (Hotpatch) were included in this release.\n\nDownloads include Cumulative Updates, IE Cumulative, Monthly Rollups, Security Hotpatch Updates, Security Only, and Security Updates.\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\n**For November 2022, Adobe released no patches at all**. They've released as few as one in the past, but this is the first month in the last six years where they had no fixes at all. [_Source_](<https://www.zerodayinitiative.com/blog/2022/11/8/the-november-2022-security-update-review#:~:text=Adobe%20Patches%20for%20November%202022,on%20Election%20Day%20since%202016.>)\n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by 1 pm PT on Wednesday.\n\n* * *\n\n#### [Qualys Microsoft Security Alert, November 8, 2022](<https://www.qualys.com/research/security-alerts/2022-11-08/microsoft/>)\n\nQID | TITLE \n---|--- \n48223 | Microsoft Exchange Server Uniform Resource Locator (URL) Rewrite Mitigation Applied for ProxyNotShell \n50122 | Microsoft Exchange Server Multiple Vulnerabilities (ProxyNotShell) \n50123 | Microsoft Exchange Server Multiple Vulnerabilities for November 2022 \n91954 | Microsoft .NET Framework Information Disclosure Vulnerability for November 2022 \n91956 | Microsoft Windows Security Update for November 2022 \n91957 | Microsoft Windows Server Elevation of Privilege Vulnerability for November 2022 \n91958 | Microsoft Dynamics Business Central Information Disclosure Vulnerability for November 2022 \n91959 | Microsoft Azure Stack Hub Security Updates for November 2022 \n91960 | Microsoft Visual Studio Security Updates for November 2022 \n110419 | Microsoft Office Security Update for November 2022 \n110420 | Microsoft SharePoint Server and Foundation Update for November 2022 \n \n* * *\n\n# Qualys Threat Research Blog Posts\n\n_Published in the Last 30 days; Most Recent First_\n\n * [OpenSSL Vulnerability Recap](<https://blog.qualys.com/vulnerabilities-threat-research/2022/11/03/openssl-vulnerability-recap>)\n * [Qualys Research Alert: OpenSSL 3.0.7 \u2013 What You Need To Know](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/31/qualys-research-alert-prepare-for-a-critical-vulnerability-in-openssl-3-0>)\n * [Qualys Research Team: Threat Thursdays, October 2022](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/27/october-2022-threat-thursday>)\n * [Text4Shell: Detect, Prioritize and Remediate The Risk Across On-premise, Cloud, Container Environment Using Qualys Platform](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/27/text4shell-detect-prioritize-and-remediate-the-risk-across-on-premise-cloud-container-environment-using-qualys-platform>)\n * [Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973) ](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/25/leeloo-multipath-authorization-bypass-and-symlink-attack-in-multipathd-cve-2022-41974-and-cve-2022-41973>)\n * [CVE-2022-42889: Detect Text4Shell via Qualys Container Security](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/25/cve-2022-44889-detect-text4shell>)\n * [Creating Awareness of External JavaScript Libraries in Web Applications](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/12/creating-awareness-of-external-javascript-libraries-in-web-applications>)\n * [JSON Web Token (JWT) Weaknesses](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/11/json-web-token-jwt-weaknesses>)\n\n* * *\n\n# **Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories**\n\nPublished between October 13, - November 9, 2022, Most Recent First\n\n * [Open Secure Sockets Layer (OpenSSL) Patches High Severity Vulnerabilities (CVE-2022-3602 and CVE-2022-3786)](<https://threatprotect.qualys.com/2022/10/31/openssl-pre-notification-alert-for-a-critical-severity-vulnerability/>)\n * [Google Patches Zero-day vulnerability in Chrome Browser (CVE-2022-3723)](<https://threatprotect.qualys.com/2022/10/29/google-patches-zero-day-vulnerability-in-chrome-browser-cve-2022-3723/>)\n * [Google Chrome Releases New Version to Address Multiple Vulnerabilities](<https://threatprotect.qualys.com/2022/10/26/google-chrome-releases-new-version-to-address-multiple-vulnerabilities/>)\n * [Oracle Releases 370 Security Patches for Various Oracle Products in October 2022 Patch Tuesday](<https://threatprotect.qualys.com/2022/10/19/oracle-releases-370-security-patches-for-various-oracle-products-in-october-2022-patch-tuesday/>)\n * [Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) (CVE-2022-42889)](<https://threatprotect.qualys.com/2022/10/18/apache-commons-arbitrary-code-execution-vulnerability-text4shell-cve-2022-42889/>)\n\n* * *\n\n# **Discover and Prioritize Vulnerabilities in **[Vulnerability Management Detection Response](<https://www.qualys.com/apps/vulnerability-management-detection-response/>)** **(VMDR)\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n **Query: **vulnerabilities.vulnerability:( qid:`48223` OR qid:`50122` OR qid:`50123` OR qid:`91954` OR qid:`91956` OR qid:`91957` OR qid:`91958` OR qid:`91959` OR qid:`91960` OR qid:`110419` OR qid:`110420` )\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/2022-11_Nov-VMDR-1070x488.png)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [In-Depth Look Into Data-Driven Science Behind Qualys TruRisk](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/10/in-depth-look-into-data-driven-science-behind-qualys-trurisk>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Qualys VMDR Recognized as Best VM Solution by SC Awards 2022 & Leader by GigaOm](<https://blog.qualys.com/product-tech/2022/08/22/qualys-vmdr-recognized-as-best-vm-solution-by-sc-awards-2022-leader-by-gigaom>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [A Deep Dive into VMDR 2.0 with Qualys TruRisk\u2122](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>)\n\n* * *\n\n# **Rapid Response with **[Patch Management](<https://www.qualys.com/apps/patch-management/>) (PM)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches with one click.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n **QUERY:** ( qid:`48223` OR qid:`50122` OR qid:`50123` OR qid:`91954` OR qid:`91956` OR qid:`91957` OR qid:`91958` OR qid:`91959` OR qid:`91960` OR qid:`110419` OR qid:`110420` )\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/2022-11_Nov-PM-1070x488.png)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Get Your Patch Tuesday Vulnerabilities Patched on Tuesday](<https://blog.qualys.com/qualys-insights/2022/11/08/get-your-patch-tuesday-vulnerabilities-patched-on-tuesday>) **_New_**\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Why Organizations Struggle with Patch Management (and What to Do about It)](<https://tinyl.io/79TY>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications](<https://blog.qualys.com/qualys-insights/2022/09/08/let-smart-automation-reduce-the-risk-of-zero-day-attacks-on-third-party-applications-2>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n# Extend the Power of VMDR to Enterprise Mobile Devices with Qualys [VMDR Mobile](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>) **_New_**\n\nQualys VMDR for enterprise mobile devices provides comprehensive visibility and continuously assesses device, OS, apps, and network vulnerabilities including critical device configurations of mobile devices across your enterprise.\n\nAs mobile devices have become ubiquitous in almost every business process, whether in bank branches, manufacturing sites, or retail stores, they are now hosting business applications and data that is subject to regulatory compliance and security. With access to critical corporate resources inside the corporate network, these mobile devices have become critical assets for organizations, and organizations are facing a new set of security challenges and risks.\n\nQID | Title \n---|--- \n610439 | Google Android October 2022 Security Patch Missing for Huawei EMUI \n610440 | Apple iOS 15.7.1 and iPadOS 15.7.1 Security Update Missing \n610438 | Google Android October 2022 Security Patch Missing for Samsung \n610436 | Google Pixel Android October 2022 Security Patch Missing \n610437 | Google Android Devices October 2022 Security Patch Missing \n610441 | Apple iOS 16.1 and iPadOS 16 Security Update Missing \n \nQualys' Vulnerability Management, Detection, and Response (VMDR) solution extends its power to mobile devices. It provides an in-depth inventory of mobile devices, real-time visibility into vulnerabilities and critical device settings, and built-in remediation with patch orchestration for all Android and iOS/iPadOS devices across the enterprise. An end-to-end solution for mobile device security.\n\nYou can visualize all your impacted mobile devices with vulnerabilities using the following QQL query:\n \n \n **Query:** vulnerabilities.vulnerability:( qid:`610439` OR qid:`610440` OR qid:`610438` OR qid:`610436` OR qid:`610437` OR qid:`610441` ) \n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/2022-11_Nov-MOBILE-1-1070x488.png)\n\n**[VMDR Mobile Blogs](<https://blog.qualys.com/tag/vmdr-for-mobile-devices>) **| Qualys, Inc.\n\nQualys VMDR Mobile [**User Guide**](<https://www.qualys.com/docs/qualys-vmdr-mobile-user-guide.pdf>) Version 1.5.0 (June 20, 2022) | Qualys, Inc > [**Documentation**](<https://www.qualys.com/documentation/>)\n\n[**Request a Free VMDR Mobile Trial**](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>)\n\nVMDR Mobile is an out-of-the-box solution that\u2019s centrally managed and self-updating.\n\n* * *\n\n# EXECUTE Mitigation Using [Custom Assessment and Remediation](<https://tinyl.io/79UY>) (CAR)\n\n[Qualys Custom Assessment and Remediation](<https://www.qualys.com/apps/custom-assessment-remediation/>) empowers a system administrator to quickly and easily perform configuration updates on your technology infrastructure when the current situation requires the implementation of a vendor-suggested mitigation or workaround.\n\n**_Mitigation_** refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.\n\nA **_workaround_** is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn\u2019t working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. [_Source_](<https://www.techtarget.com/whatis/definition/workaround>)\n\nCustomers can perform the provided mitigation steps by creating a PowerShell script and executing the script on vulnerable assets.\n\n**IMPORTANT: ** Scripts tend to change over time. **_Please refer to the Qualys GitHub Tuesday Patch [link](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch>) to ensure the most current version of a given [Patch Tuesday script](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch>) is in use._**\n\n* * *\n\n## [CVE-2022-37967](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967>) | Windows Kerberos Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.2 / 10.\n\n[Exploitability Assessment:](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>) **_Exploitation More Likely_**\n\n#### **Take Action > **[**KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967**](<https://support.microsoft.com/help/5020805>)\n\nTo help protect your environment and prevent outages, we recommend that you take the following steps: \n\n 1. **UPDATE** your Windows domain controllers with a Windows update released on or after November 8, 2022.\n 2. **MOVE** your Windows domain controllers to Audit mode by using the Registry Key setting section.\n 3. **MONITOR** events filed during Audit mode to secure your environment.\n 4. **ENABLE **Enforcement mode to address [CVE-2022-37967](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967>) in your environment.\n\n**NOTE**: **_Step 1 of installing updates released on or after November 8, 2022, will not address the security issues in [CVE-2022-37967](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967>) for Windows devices by default._** **To fully mitigate the security issue for all devices**, you must move to Audit mode (described in Step 2) followed by Enforcement Mode (described in Step 4) as soon as possible on all Windows domain controllers. \n\n#### Leverage [Custom Assessment and Remediation](<https://tinyl.io/79UY>) for [CVE-2022-37967 Kerberos EOP Vuln](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch/2022/November/CVE-2022-37967%20Kerberos%20EOP%20Vuln>) to Execute Step #2: **[Enable Audit Mode](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch/2022/November/CVE-2022-37967%20Kerberos%20EOP%20Vuln/Enable%20Audit%20Mode>)**:\n \n \n if (Test-Path -path registry::HKEY_LOCAL_MACHINE\\System\\currentcontrolset\\services\\kdc -ErrorAction Ignore){\n reg add \"HKEY_LOCAL_MACHINE\\System\\currentcontrolset\\services\\kdc\" /v KrbtgtFullPacSignature /t REG_DWORD /d '2' /f | Out-Null\n Write-Output \"Audit mode has been enabled for CVE-2022-37967 mitigation. Value '2' has been configured for KrbtgtFullPacSignature\"\n }\n else {\n Write-Output \" 'HKEY_LOCAL_MACHINE\\System\\currentcontrolset\\services\\kdc' key not found\"\n }\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/Screenshot1-1070x716.png)\n\n#### Leverage [Custom Assessment and Remediation](<https://tinyl.io/79UY>) for [CVE-2022-37967 Kerberos EOP Vuln](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch/2022/November/CVE-2022-37967%20Kerberos%20EOP%20Vuln>) to Execute Step #4: [Enable Enforcement Mode](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch/2022/November/CVE-2022-37967%20Kerberos%20EOP%20Vuln/Enable%20Enforcement%20Mode>):\n \n \n if (Test-Path -path registry::HKEY_LOCAL_MACHINE\\System\\currentcontrolset\\services\\kdc -ErrorAction Ignore){\n reg add \"HKEY_LOCAL_MACHINE\\System\\currentcontrolset\\services\\kdc\" /v KrbtgtFullPacSignature /t REG_DWORD /d '3' /f | Out-Null\n Write-Output \"Enforcement mode has been enabled for CVE-2022-37967 mitigation. Value '3' has been configured for KrbtgtFullPacSignature\"\n }\n else {\n Write-Output \"'HKEY_LOCAL_MACHINE\\System\\currentcontrolset\\services\\kdc' key not found\"\n }\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/screenshot2-1070x733.png)\n\n* * *\n\n## [CVE-2022-38023](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023>) | Netlogon RPC Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1 / 10.\n\n[Exploitability Assessment:](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>) **_Exploitation More Likely_**\n\nNote: This update protects Windows devices from CVE-2022-38023 by default. For third-party clients and third-party domain controllers, the update is in Compatibility mode by default and allows vulnerable connections from such clients. Refer to the Registry Key settings section for steps to move to Enforcement mode.\n\n#### Leverage [Custom Assessment and Remediation](<https://tinyl.io/79UY>) for [CVE-2022-38023 - Netlogon RPC EOP Vuln](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch/2022/November/CVE-2022-38023%20-%20Netlogon%20RPC%20EOP%20Vuln>) to [Enable Enforcement Mode](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/blob/main/Tuesday%20Patch/2022/November/CVE-2022-38023%20-%20Netlogon%20RPC%20EOP%20Vuln/Enable%20Enforcement%20for%20CVE-2022-38023.ps1>):\n \n \n if (Test-Path -path registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Netlogon\\Parameters -ErrorAction Ignore){\n reg add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Netlogon\\Parameters\" /v RequireSeal /t REG_DWORD /d '2' /f | Out-Null\n Write-Output \"Enforcement mode has been enabled for CVE-2022-38023 mitigation for third-party clients and third-party domain controllers. Value '2' has been configured for RequireSeal\"\n }\n else {\n Write-Output \"'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Netlogon\\Parameters' key not found\"\n }\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/11/Screenshot3.png)\n\n* * *\n\n# **EVALUATE Vendor-Suggested Mitigation with **[**Policy Compliance**](<https://www.qualys.com/forms/policy-compliance/>) (PC)\n\n[Qualys Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires implementation validation of a vendor-suggested mitigation or workaround.\n\n**_Mitigation_** refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.\n\nA **_workaround_** is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn\u2019t working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. [_Source_](<https://www.techtarget.com/whatis/definition/workaround>)\n\nThe following [Qualys Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) ](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>)have been updated to support Microsoft recommended mitigation(s) for this Patch Tuesday:\n\n## [CVE-2022-37967](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967>) | Windows Kerberos Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.2 / 10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **25167** Status of the 'KrbtgtFullPacSignature' setting for the Kerberos\n\n[As per KB5020805, this mitigation should be applied after the patch ](<https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb>)\n\nNOTE: To help protect your environment and prevent outages, [we have outlined the Qualys recommended remediation steps above](<https://blog.qualys.com/vulnerabilities-threat-research/2022/11/08/november-2022-patch-tuesday#QLYS-Recommendation-37967>) and provided Qualys Custom Assessment and Remediation (CAR) supporting scripts.\n\n[Exploitability Assessment:](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>) **_Exploitation More Likely_**\n\n* * *\n\n## [CVE-2022-38023](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023>) | Netlogon RPC Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1 / 10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **25168 ** Status of the 'RequireSeal' setting for the Netlogon Remote Protocol\n\n[As per KB5021130, this mitigation should be applied after the patch ](<https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25>)\n\nNOTE: To help protect your environment and prevent outages, [we have outlined the Qualys recommended remediation steps above](<https://blog.qualys.com/vulnerabilities-threat-research/2022/11/08/november-2022-patch-tuesday#QLYS-Recommendation-38023>) and provided Qualys Custom Assessment and Remediation (CAR) supporting scripts.\n\n[Exploitability Assessment:](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>) **_Exploitation More Likely_**\n\n* * *\n\n# **Patch Tuesday is Complete.**\n\n* * *\n\n# [This Month in Vulnerabilities and Patches](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>) Webinar Series \n\n[![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/03/image-1070x560.jpeg)](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\n[Subscribe Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\nThe Qualys Product Management and Threat Research team members host a monthly webinar series to help our existing customers leverage the seamless integration between [Qualys Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and [Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, this month\u2019s Patch Tuesday high-impact vulnerabilities will be discussed. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.\n\n* * *\n\n# UPCOMING EVENTS\n\n* * *\n\nThe content within this section will spotlight upcoming Vulnerability Management, Patch Management, Threat Protection, Custom Assessment and Remediation, and Policy Compliance adjacent events available to our prospective, new, and existing customers.\n\n## [**WEBINARS**](<https://gateway.on24.com/wcc/eh/3347108/category/91385/upcoming-webinars>)\n\n## Qualys Workshop Wednesday\n\n[![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/Workshop_Wednesdays_Webinar_Twitter_600x335-edited.png)](<https://gateway.on24.com/wcc/eh/3347108/category/111238/workshop-wednesday>)**For our December 7th session, we will cover security compliance with Qualys Cloud. **\n\n[Subscribe Now](<https://gateway.on24.com/wcc/eh/3347108/category/111238/workshop-wednesday>)\n\nAt Qualys Inc, providing cybersecurity through technology is what we do. Join us each month as we tap into the minds of Qualys experts to share how you can get the most out of your investment and understand ways in which you can quickly reduce your cyber risk exposure using the Qualys Cloud Platform. Each 45-minute monthly session, hosted on the first Wednesday of the month, will showcase practical hands-on tips and tricks, news on new capabilities and services, as well as useful customer success stories that can help you get the most out of the Qualys Cloud Platform. \n\n* * *\n\n## Qualys Threat Thursdays\n\n[![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/ThreatThursday2.png)](<https://gateway.on24.com/wcc/eh/3347108/category/111445/threat-thursday>)November 2022 Threat Thursday Topic is **[Empire](<https://github.com/EmpireProject>)**, an Open-Source cross-platform post-exploitation framework that has been in active development since 2015.\n\n[Subscribe Now](<https://gateway.on24.com/wcc/eh/3347108/category/111445/threat-thursday>)\n\nThe Qualys Threat Research team invites you to join their regular monthly webinar series covering the latest threat intelligence analysis and insight. \n\nNever miss an update. [Subscribe Today](<https://gateway.on24.com/wcc/eh/3347108/category/111445/threat-thursday>)!\n\n[Click Here](<https://tinyl.io/79BC>) to quickly navigate to Qualys Threat Thursday blog posts.\n\n* * *\n\n## [**CONFERENCES**](<https://www.qualys.com/qsc/locations/>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/QSC2022LV.png)_**Sessions and Keynotes will be available on the Qualys site in the coming days.**_\n\n## [Qualys Security Blog | Expert Network Security Guidance and News](<https://blog.qualys.com/>)\n\n * [**QSC 2022 Kickoff: Quantifying and Qualifying Digital Cyber Risks**](<https://blog.qualys.com/qualys-insights/2022/11/09/qsc-2022-kickoff-quantifying-and-qualifying-digital-cyber-risks>)\n * **[QSC 2022 Day 1 Recap: Qualys Gives Organizations More Security in an Ever-Expanding Threat Landscape](<https://blog.qualys.com/qualys-insights/2022/11/10/qsc-2022-day-1-recap-qualys-gives-organizations-more-security-in-an-ever-expanding-threat-landscape>)**\n * [**QSC 2022: Qualys\u2019 Threat Research Unit (TRU) \u2013 Our Shield Is Your Shield**](<https://blog.qualys.com/vulnerabilities-threat-research/2022/11/10/qsc-2022-qualys-threat-research-unit-tru-our-shield-is-your-shield>) _**New**_\n\n* * *\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/qsc22-1-1070x251.png)\n\n[Click Here for More Info](<https://www.qualys.com/qsc>)\n\n* * *\n\n#### This month\u2019s blog content is the result of collaboration with and contributions from:\n\n_In order of appearance_\n\n * Quote: [Travis Smith](<https://blog.qualys.com/author/tsmith>) VP, Malware Threat Research, Qualys\n * QID Content: Arun Kethipelly, Manager, Signature Engineering\n * QID Content: Dianfang (Sabrina) Gao, Lead, QA Engineer\n * VMDR Mobile Content: [Swapnil Ahirrao](<https://blog.qualys.com/author/sahirrao>), Principal Product Manager, VMDR\n * VMDR Mobile Content: Swapnil Bhoskar, Lead, Security Signature Engineer\n * CAR Content: Mukesh Choudhary, Compliance Research Analyst\n * CAR Content: [Lavish Jhamb](<https://blog.qualys.com/author/ljhamb>), Solution Architect, Compliance Solutions\n * PC Content: Xiaoran (Alex) Dong, Manager, Compliance Signature Engineering\n\n* * *", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T21:00:00", "type": "qualysblog", "title": "November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years).", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-3602", "CVE-2022-3723", "CVE-2022-3786", "CVE-2022-37966", "CVE-2022-37967", "CVE-2022-38023", "CVE-2022-41040", "CVE-2022-41044", "CVE-2022-41073", "CVE-2022-41080", "CVE-2022-41082", "CVE-2022-41088", "CVE-2022-41091", "CVE-2022-41118", "CVE-2022-41125", "CVE-2022-41128", "CVE-2022-41973", "CVE-2022-41974", "CVE-2022-42889", "CVE-2022-44889", "CVE-2202-3602"], "modified": "2022-11-08T21:00:00", "id": "QUALYSBLOG:5A5DF56C2B4E5DB4176574A83F54FECB", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 0.0, "vector": "NONE"}}], "paloalto": [{"lastseen": "2023-12-06T16:52:35", "description": "Palo Alto Networks has evaluated the Apache Commons Text library vulnerability CVE-2022-42889, known as Text4Shell, for all products and services.\n\nThe Palo Alto Networks Product Security Assurance team has confirmed that all products and services are not impacted by this vulnerability.\n\n**Work around:**\nCustomers with a Threat Prevention subscription can block known attacks for CVE-2022-42889 by enabling Threat ID 93157 (Applications and Threats content update 8632). This mitigation reduces the risk of exploitation from known exploits.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-09T17:00:00", "type": "paloalto", "title": "Impact of Apache Text Commons Vulnerability CVE-2022-42889", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-11-09T17:00:00", "id": "PA-CVE-2022-42889", "href": "https://securityadvisories.paloaltonetworks.com/CVE-2022-42889", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-12-06T18:21:21", "description": "Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T13:15:00", "type": "debiancve", "title": "CVE-2022-42889", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-13T13:15:00", "id": "DEBIANCVE:CVE-2022-42889", "href": "https://security-tracker.debian.org/tracker/CVE-2022-42889", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-07T13:35:05", "description": "Apache Commons Text performs variable interpolation, allowing properties to\nbe dynamically evaluated and expanded. The standard format for\ninterpolation is \"${prefix:name}\", where \"prefix\" is used to locate an\ninstance of org.apache.commons.text.lookup.StringLookup that performs the\ninterpolation. Starting with version 1.5 and continuing through 1.9, the\nset of default Lookup instances included interpolators that could result in\narbitrary code execution or contact with remote servers. These lookups are:\n- \"script\" - execute expressions using the JVM script execution engine\n(javax.script) - \"dns\" - resolve dns records - \"url\" - load values from\nurls, including from remote servers Applications using the interpolation\ndefaults in the affected versions may be vulnerable to remote code\nexecution or unintentional contact with remote servers if untrusted\nconfiguration values are used. Users are recommended to upgrade to Apache\nCommons Text 1.10.0, which disables the problematic interpolators by\ndefault.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T00:00:00", "type": "ubuntucve", "title": "CVE-2022-42889", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-13T00:00:00", "id": "UB:CVE-2022-42889", "href": "https://ubuntu.com/security/CVE-2022-42889", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-10-19T06:02:24", "description": "A remote code execution vulnerability exists in Apache Commons Text. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T00:00:00", "type": "checkpoint_advisories", "title": "Apache Commons Text Remote Code Execution (CVE-2022-42889)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-18T00:00:00", "id": "CPAI-2022-0703", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "impervablog": [{"lastseen": "2022-10-24T06:06:30", "description": "(_Updated Oct. 19, 2022_)\n\n[CVE-2022-42889](<https://nvd.nist.gov/vuln/detail/CVE-2022-42889>) was recently added to the NVD catalog, with a critical score of 9.8. This vulnerability allows remote code execution (RCE) in Apache Commons Text. It affects version numbers 1.5-1.9, and an upgrade to Apache Commons Text 1.10.0 disables the problem by default. \n\nApache Commons Text, a commonly used library originally released in 2017, includes algorithms for string functionality. The library performs a process called variable interpolation, which evaluates the properties of strings that contain placeholders, in order to replace the placeholders with their corresponding values. However, in versions of the library dating back to 2018, some default lookup instances included evaluations that could result in arbitrary code execution or contact with remote servers. \n\nImperva Threat Research began observing attacks using this vulnerability pick up on the 18th, and attacks are continuing to rise but still not at the rates of previous attacks like Log4shell or Spring4shell. Most attempts come from bots or the programming tool Typhoeus, which runs parallel HTTP requests. Most of the exploitation attempts we\u2019re seeing include attempts to contact remote servers to identify vulnerable applications. However, we\u2019ve also detected malicious attempts to take over vulnerable applications by opening a reverse shell using different programming languages, including Bash, Zshell, Python and Ruby. The US is the most targeted country overall, followed by Colombia and Brazil. Italy had the most attack requests per site, at about 135. Attacks targeted mainly financial, computing, and education sites, with pretty even distribution across the three industries.\n\nImperva customers are protected out of the box from this vulnerability. Users are recommended to upgrade to Apache Commons Text 1.10.0 or install Apache\u2019s released patches as soon as possible. Although existing security rules addressed this vulnerability, Imperva has added dedicated, specific rules to block attempts to exploit this CVE in our CWAF and WAF-GW. \n\nThe post [Apache Commons Text vulnerability CVE-2022-42889](<https://www.imperva.com/blog/apache-commons-text-vulnerability-cve-2022-42889/>) appeared first on [Blog](<https://www.imperva.com/blog>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-18T18:30:39", "type": "impervablog", "title": "Apache Commons Text vulnerability CVE-2022-42889", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2022-10-18T18:30:39", "id": "IMPERVABLOG:93D7B86DA68A59A0F7393E419CB28BC9", "href": "https://www.imperva.com/blog/apache-commons-text-vulnerability-cve-2022-42889/", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2023-12-06T16:41:18", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.59. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:1525\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-05T23:19:11", "type": "redhat", "title": "(RHSA-2023:1524) Critical: OpenShift Container Platform 4.9.59 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889"], "modified": "2023-04-05T23:19:50", "id": "RHSA-2023:1524", "href": "https://access.redhat.com/errata/RHSA-2023:1524", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:22", "description": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nSecurity fix(es):\ntfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record (CVE-2022-32224)\ncandlepin: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\nThis update fixes the following bugs:\n2082209 - Another deadlock issue when syncing repos with high concurrency\n2141308 - It appears that the egg is downloaded every time\n2150069 - With every edit of an exising webhook, the value in password field disappears in Satellite 6.10/6.11/6.12\n2150108 - Satellite-clone not working if ansible-core 2.13 is installed\n2150111 - Insights recommendation sync failing in Satelliite\n2150112 - Random failure of Inventory Sync\n2150114 - Insights-client --register --verbose throwing error UnicodeEncodeError: 'ascii' codec can't encode character '\\ufffd' in position 94: ordinal not in range(128)\n2150118 - Error \"no certificate or crl found\" when using a http proxy as \"Default Http Proxy\" for content syncing or manifest operations in Satellite 6.12\n2150119 - Content view publish fails when the content view and repository both have a large name with : Error message: the server returns an error HTTP status code: 500\n2150123 = Inspecting an image with skopeo no longer works on Capsules\n2150125 - Syncable exports across partitions causes ' Invalid cross-device link' error \n2150120 - Upgrade to Satellite 6.12 may fail to apply RemoveDrpmFromIgnorableContent migration if erratum is also a ignorable content type for any repo \n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-18T14:49:14", "type": "redhat", "title": "(RHSA-2023:0261) Critical: Satellite 6.12.1 Async Security Update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32224", "CVE-2022-42003", "CVE-2022-42889"], "modified": "2023-08-10T09:37:00", "id": "RHSA-2023:0261", "href": "https://access.redhat.com/errata/RHSA-2023:0261", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:18", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.58. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2023:1867\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-26T05:27:47", "type": "redhat", "title": "(RHSA-2023:1866) Moderate: OpenShift Container Platform 4.10.58 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889", "CVE-2023-25761", "CVE-2023-25762"], "modified": "2023-05-15T06:33:53", "id": "RHSA-2023:1866", "href": "https://access.redhat.com/errata/RHSA-2023:1866", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T16:41:20", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.9.59. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:1524\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nSecurity Fix(es):\n\n* mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-05T23:04:04", "type": "redhat", "title": "(RHSA-2023:1525) Moderate: OpenShift Container Platform 4.9.59 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20329", "CVE-2022-42889", "CVE-2023-0286", "CVE-2023-0767"], "modified": "2023-04-05T23:04:42", "id": "RHSA-2023:1525", "href": "https://access.redhat.com/errata/RHSA-2023:1525", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:41:14", "description": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section.\n\nSecurity Fix(es):\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* reactor-netty-http: Log request headers in some cases of invalid HTTP requests (CVE-2022-31684)\n\n* tomcat: JsonErrorReportValve injection (CVE-2022-45143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-08-16T10:54:20", "type": "redhat", "title": "(RHSA-2023:4612) Important: Red Hat support for Spring Boot 2.7.13 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46877", "CVE-2022-1471", "CVE-2022-31684", "CVE-2022-45143", "CVE-2023-1108", "CVE-2023-20860", "CVE-2023-20861"], "modified": "2023-08-16T10:54:37", "id": "RHSA-2023:4612", "href": "https://access.redhat.com/errata/RHSA-2023:4612", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:17", "description": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-17T16:15:17", "type": "redhat", "title": "(RHSA-2023:3195) Important: jenkins and jenkins-2-plugins security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42889", "CVE-2023-24422", "CVE-2023-25761", "CVE-2023-25762", "CVE-2023-27903", "CVE-2023-27904"], "modified": "2023-05-17T16:16:05", "id": "RHSA-2023:3195", "href": "https://access.redhat.com/errata/RHSA-2023:3195", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:22", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.10.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2022-25857) snakeyaml: Denial of Service due to missing nested depth limitation for collections\n* (CVE-2022-42003) jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n* (CVE-2022-42004) jackson-databind: use of deeply nested arrays\n* (CVE-2022-42889) apache-commons-text: variable interpolation RCE\n* (CVE-2022-38749) snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode\n* (CVE-2022-38750) snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject\n* (CVE-2022-38751) snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-07T08:18:33", "type": "redhat", "title": "(RHSA-2022:8876) Moderate: Red Hat AMQ Broker 7.10.2 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25857", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889"], "modified": "2022-12-07T08:18:43", "id": "RHSA-2022:8876", "href": "https://access.redhat.com/errata/RHSA-2022:8876", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:22", "description": "This release of Red Hat build of Quarkus 2.13.5 includes security updates, bug\nfixes, and enhancements. For more information, see the release notes page listed in the References section.\n\nSecurity Fix(es):\n\n* CVE-2022-4147 quarkus-vertx-http: Security misconfiguration of CORS : OWASP A05_2021 level in Quarkus \n\n* CVE-2022-4116 quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE\n\n* CVE-2022-37734 graphql-java: DoS by malicious query\n\n* CVE-2022-3171 protobuf-java: timeout in parser leads to DoS\n\n* CVE-2022-42889 commons-text: apache-commons-text: variable interpolation RCE\n\n* CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n\n* CVE-2022-42004 jackson-databind: use of deeply nested arrays \n\n* CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-14T13:13:39", "type": "redhat", "title": "(RHSA-2022:9023) Important: Red Hat build of Quarkus 2.13.5 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31197", "CVE-2022-3171", "CVE-2022-37734", "CVE-2022-4116", "CVE-2022-4147", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889"], "modified": "2022-12-14T13:13:56", "id": "RHSA-2022:9023", "href": "https://access.redhat.com/errata/RHSA-2022:9023", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:12", "description": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-10-30T12:31:19", "type": "redhat", "title": "(RHSA-2023:6179) Critical: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25857", "CVE-2022-29599", "CVE-2022-42889", "CVE-2023-24422", "CVE-2023-25761", "CVE-2023-25762", "CVE-2023-39325", "CVE-2023-44487"], "modified": "2023-10-30T12:31:50", "id": "RHSA-2023:6179", "href": "https://access.redhat.com/errata/RHSA-2023:6179", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:18", "description": "This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug\nfixes, and enhancements. For more information, see the release notes page listed\nin the References section.\n\nSecurity Fix(es):\n\n*CVE-2023-0044 quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure [quarkus-2]\n\n*CVE-2022-41946 jdbc-postgresql: postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k [quarkus-2]\n\n*CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names [quarkus-2.7]\n\n*CVE-2022-42004 jackson-databind: use of deeply nested arrays [quarkus-2.7]\n\n*CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS [quarkus-2.7]\n\n*CVE-2022-42889 commons-text: apache-commons-text: variable interpolation RCE [quarkus-2.7]\n\n*CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code Execution [quarkus-2]\n\n*CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow [quarkus-2.7]\n\n*CVE-2022-3171 protobuf-java: timeout in parser leads to DoS [quarkus-2]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-08T14:51:11", "type": "redhat", "title": "(RHSA-2023:1006) Important: Red Hat build of Quarkus 2.7.7 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1471", "CVE-2022-31197", "CVE-2022-3171", "CVE-2022-41946", "CVE-2022-41966", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2023-0044"], "modified": "2023-03-08T14:51:33", "id": "RHSA-2023:1006", "href": "https://access.redhat.com/errata/RHSA-2023:1006", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:12", "description": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\nCVE-2023-27904 jenkins: Information disclosure through error stack traces related to agents\nCVE-2023-27903 jenkins: Temporary file parameter created with insecure permissions\nCVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE\nCVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\nCVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\nCVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE \nCVE-2022-1471 jenkins-2-plugins: SnakeYaml: Constructor Deserialization Remote Code Execution\nCVE-2023-24422 jenkins-2-plugins: jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin\nCVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\nCVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\nCVE-2022-29599 jenkins-2-plugins: maven-shared-utils: Command injection via Commandline class\nCVE-2023-39325 openshift-jenkins-2-container: golang: net/http, x/net/http2: rapid stream resets can cause excessive work/\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-10-30T11:04:05", "type": "redhat", "title": "(RHSA-2023:6171) Critical: Red Hat Product OCP Tools 4.11 Openshift Jenkins security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1471", "CVE-2022-29599", "CVE-2022-42889", "CVE-2023-24422", "CVE-2023-25761", "CVE-2023-25762", "CVE-2023-27903", "CVE-2023-27904", "CVE-2023-39325"], "modified": "2023-10-30T11:04:26", "id": "RHSA-2023:6171", "href": "https://access.redhat.com/errata/RHSA-2023:6171", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:18", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:1656\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF) (CVE-2022-3172)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-12T11:51:14", "type": "redhat", "title": "(RHSA-2023:1655) Critical: OpenShift Container Platform 4.10.56 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31690", "CVE-2022-31692", "CVE-2022-3172", "CVE-2022-42889", "CVE-2023-24422", "CVE-2023-25725", "CVE-2023-27898", "CVE-2023-27899", "CVE-2023-27903", "CVE-2023-27904"], "modified": "2023-04-20T05:03:19", "id": "RHSA-2023:1655", "href": "https://access.redhat.com/errata/RHSA-2023:1655", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:12", "description": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\nCVE-2023-27904 jenkins: Information disclosure through error stack traces related to agents\nCVE-2023-27903 jenkins: Temporary file parameter created with insecure permissions\nCVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\nCVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\nCVE-2022-25857 jenkins-2-plugins: snakeyaml: Denial of Service due to missing nested depth limitation for collections \nCVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE\nCVE-2020-7692 jenkins-2-plugins: google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization\nCVE-2023-24422 jenkins-2-plugins: jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin\nCVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\nCVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\nCVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE\nCVE-2022-29599 jenkins-2-plugins: maven-shared-utils: Command injection via Commandline class\nCVE-2023-39325 openshift-jenkins-2-container: golang: net/http, x/net/http2: rapid stream resets can cause excessive work\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-10-30T11:17:33", "type": "redhat", "title": "(RHSA-2023:6172) Critical: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-7692", "CVE-2022-25857", "CVE-2022-29599", "CVE-2022-42889", "CVE-2023-24422", "CVE-2023-25761", "CVE-2023-25762", "CVE-2023-27903", "CVE-2023-27904", "CVE-2023-39325"], "modified": "2023-10-30T11:17:58", "id": "RHSA-2023:6172", "href": "https://access.redhat.com/errata/RHSA-2023:6172", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:18", "description": "Red Hat Integration - Camel Extensions for Quarkus 2.13.2 serves as a replacement for 2.7 and includes the following security fixes.\n\nSecurity Fix(es):\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40153)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40155)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40154)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-26T09:40:30", "type": "redhat", "title": "(RHSA-2023:0469) Moderate: Red Hat Integration Camel Extensions For Quarkus 2.13.2", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-40149", "CVE-2022-40150", "CVE-2022-40151", "CVE-2022-40152", "CVE-2022-40153", "CVE-2022-40154", "CVE-2022-40155", "CVE-2022-40156", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889"], "modified": "2023-01-26T09:40:52", "id": "RHSA-2023:0469", "href": "https://access.redhat.com/errata/RHSA-2023:0469", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:41:18", "description": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-04T15:55:15", "type": "redhat", "title": "(RHSA-2023:2135) Important: Red Hat Process Automation Manager 7.13.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3782", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-4244", "CVE-2022-4245", "CVE-2022-42889", "CVE-2022-45693", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-1108"], "modified": "2023-11-29T02:09:57", "id": "RHSA-2023:2135", "href": "https://access.redhat.com/errata/RHSA-2023:2135", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T16:41:20", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:1655\n\nSpace precludes documenting all the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-12T11:40:20", "type": "redhat", "title": "(RHSA-2023:1656) Moderate: OpenShift Container Platform 4.10.56 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20329", "CVE-2022-31690", "CVE-2022-31692", "CVE-2022-3172", "CVE-2022-42889", "CVE-2023-0266", "CVE-2023-0286", "CVE-2023-0461", "CVE-2023-24422", "CVE-2023-27898", "CVE-2023-27899", "CVE-2023-27903", "CVE-2023-27904"], "modified": "2023-04-12T11:40:54", "id": "RHSA-2023:1656", "href": "https://access.redhat.com/errata/RHSA-2023:1656", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:17", "description": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Denial of Service attack (CVE-2023-27900)\n\n* Jenkins: Denial of Service attack (CVE-2023-27901)\n\n* Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-24T17:06:51", "type": "redhat", "title": "(RHSA-2023:3299) Important: jenkins and jenkins-2-plugins security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-7692", "CVE-2021-4178", "CVE-2021-46877", "CVE-2022-22978", "CVE-2022-25647", "CVE-2022-40151", "CVE-2022-40152", "CVE-2022-42889", "CVE-2023-24422", "CVE-2023-24998", "CVE-2023-25761", "CVE-2023-25762", "CVE-2023-27900", "CVE-2023-27901", "CVE-2023-27902", "CVE-2023-27904"], "modified": "2023-05-26T15:45:31", "id": "RHSA-2023:3299", "href": "https://access.redhat.com/errata/RHSA-2023:3299", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:22", "description": "This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hsqldb: Untrusted input may lead to RCE attack [fuse-7] (CVE-2022-41853)\n\n* io.hawt-hawtio-online: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)\n\n* io.hawt-project: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [fuse-7] (CVE-2021-3717)\n\n* json-smart: Denial of Service in JSONParserByteArray function [fuse-7] (CVE-2021-31684)\n\n* io.hawt-hawtio-integration: minimist: prototype pollution [fuse-7] (CVE-2021-44906)\n\n* urijs: Authorization Bypass Through User-Controlled Key [fuse-7] (CVE-2022-0613)\n\n* http2-server: Invalid HTTP/2 requests cause DoS [fuse-7] (CVE-2022-2048)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections [fuse-7] (CVE-2022-25857)\n\n* urijs: Leading white space bypasses protocol validation [fuse-7] (CVE-2022-24723)\n\n* Moment.js: Path traversal in moment.locale [fuse-7] (CVE-2022-24785)\n\n* netty: world readable temporary file containing sensitive data [fuse-7] (CVE-2022-24823)\n\n* jdbc-postgresql: postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names [fuse-7] (CVE-2022-31197)\n\n* commons-configuration2: apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults [fuse-7] (CVE-2022-33980)\n\n* commons-text: apache-commons-text: variable interpolation RCE [fuse-7] (CVE-2022-42889)\n\n* undertow: Large AJP request may cause DoS [fuse-7] (CVE-2022-2053)\n\n* moment: inefficient parsing algorithm resulting in DoS [fuse-7] (CVE-2022-31129)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode [fuse-7] (CVE-2022-38749)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-28T14:38:20", "type": "redhat", "title": "(RHSA-2022:8652) Important: Red Hat Fuse 7.11.1 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8331", "CVE-2021-31684", "CVE-2021-3717", "CVE-2021-44906", "CVE-2022-0613", "CVE-2022-2048", "CVE-2022-2053", "CVE-2022-24723", "CVE-2022-24785", "CVE-2022-24823", "CVE-2022-25857", "CVE-2022-31129", "CVE-2022-31197", "CVE-2022-33980", "CVE-2022-38749", "CVE-2022-41853", "CVE-2022-42889"], "modified": "2022-11-28T14:38:35", "id": "RHSA-2022:8652", "href": "https://access.redhat.com/errata/RHSA-2022:8652", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:17", "description": "Multicluster Engine for Kubernetes 2.2.4 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.\n\nSecurity fix(es):\n* CVE-2023-32314 vm2: Sandbox Escape\n* CVE-2023-32313 vm2: Inspect Manipulation", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-05-24T14:14:01", "type": "redhat", "title": "(RHSA-2023:3296) Critical: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2795", "CVE-2022-2928", "CVE-2022-2929", "CVE-2022-31690", "CVE-2022-31692", "CVE-2022-3172", "CVE-2022-36227", "CVE-2022-41973", "CVE-2022-42889", "CVE-2023-0361", "CVE-2023-24422", "CVE-2023-2491", "CVE-2023-25725", "CVE-2023-27535", "CVE-2023-27898", "CVE-2023-27899", "CVE-2023-27903", "CVE-2023-27904", "CVE-2023-32313", "CVE-2023-32314"], "modified": "2023-05-24T14:14:34", "id": "RHSA-2023:3296", "href": "https://access.redhat.com/errata/RHSA-2023:3296", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:41:18", "description": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43401)\n\n* jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin (CVE-2022-43402)\n\n* jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43403)\n\n* jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43404)\n\n* jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin (CVE-2022-43405)\n\n* jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin (CVE-2022-43406)\n\n* maven: Block repositories using http by default (CVE-2021-26291)\n\n* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin (CVE-2022-43407)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)\n\n* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)\n\n* jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin (CVE-2022-43408)\n\n* jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin (CVE-2022-43409)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-05-17T17:46:13", "type": "redhat", "title": "(RHSA-2023:3198) Critical: jenkins and jenkins-2-plugins security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26291", "CVE-2022-1471", "CVE-2022-25857", "CVE-2022-29599", "CVE-2022-30953", "CVE-2022-30954", "CVE-2022-42889", "CVE-2022-43401", "CVE-2022-43402", "CVE-2022-43403", "CVE-2022-43404", "CVE-2022-43405", "CVE-2022-43406", "CVE-2022-43407", "CVE-2022-43408", "CVE-2022-43409", "CVE-2022-45047", "CVE-2023-24422", "CVE-2023-25761", "CVE-2023-25762", "CVE-2023-27903", "CVE-2023-27904"], "modified": "2023-05-17T17:47:00", "id": "RHSA-2023:3198", "href": "https://access.redhat.com/errata/RHSA-2023:3198", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:18", "description": "Red Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool.\n\nSecurity Fix(es):\n* CVE-2022-1471 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-38752 candlepin and puppetserver: various flaws \n* CVE-2022-22577 tfm-rubygem-actionpack: rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack \n* CVE-2022-23514 rubygem-loofah: inefficient regular expression leading to denial of service \n* CVE-2022-23515 rubygem-loofah: rubygem-loofah: Improper neutralization of data URIs leading to Cross Site Scripting \n* CVE-2022-23516 rubygem-loofah: Uncontrolled Recursion leading to denial of service \n* CVE-2022-23517 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Inefficient Regular Expression leading to denial of service \n* CVE-2022-23518 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading to Cross site scripting \n* CVE-2022-23519 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations \n* CVE-2022-23520 tfm-rubygem-rails-html-sanitizer: rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations \n* CVE-2022-27777 tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers \n* CVE-2022-31163 rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution \n* CVE-2022-32224 tfm-rubygem-activerecord: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record\n* CVE-2022-33980 candlepin: apache-commons-configuration2: Apache Commons Configuration insecure interpolation defaults \n* CVE-2022-41323 satellite-capsule:el8/python-django: Potential denial-of-service vulnerability in internationalized URLs \n* CVE-2022-41946 candlepin: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions \n* CVE-2022-42003 CVE-2022-42004 candlepin: various flaws \n* CVE-2022-42889 candlepin: apache-commons-text: variable interpolation RCE \n* CVE-2022-23514 rubygem-loofah: inefficient regular expression leading to denial of service \n* CVE-2023-23969 python-django: Potential denial-of-service via Accept-Language headers \n* CVE-2023-24580 python-django: Potential denial-of-service vulnerability in file uploads\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAdditional Changes:\n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-03T13:09:51", "type": "redhat", "title": "(RHSA-2023:2097) Important: Satellite 6.13 Release", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46877", "CVE-2022-1471", "CVE-2022-22577", "CVE-2022-23514", "CVE-2022-23515", "CVE-2022-23516", "CVE-2022-23517", "CVE-2022-23518", "CVE-2022-23519", "CVE-2022-23520", "CVE-2022-25857", "CVE-2022-27777", "CVE-2022-31163", "CVE-2022-32224", "CVE-2022-33980", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-41323", "CVE-2022-41946", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2023-23969", "CVE-2023-24580"], "modified": "2023-10-19T14:13:38", "id": "RHSA-2023:2097", "href": "https://access.redhat.com/errata/RHSA-2023:2097", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-10-11T12:12:06", "description": "The remote host is affected by the vulnerability described in GLSA-202301-05 (Apache Commons Text: Arbitrary Code Execution)\n\n - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns - resolve dns records - url - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. (CVE-2022-42889)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-11T00:00:00", "type": "nessus", "title": "GLSA-202301-05 : Apache Commons Text: Arbitrary Code Execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2023-09-08T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:commons-text", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202301-05.NASL", "href": "https://www.tenable.com/plugins/nessus/169838", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202301-05.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169838);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/08\");\n\n script_cve_id(\"CVE-2022-42889\");\n\n script_name(english:\"GLSA-202301-05 : Apache Commons Text: Arbitrary Code Execution\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202301-05 (Apache Commons Text: Arbitrary Code\nExecution)\n\n - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and\n expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an\n instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with\n version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that\n could result in arbitrary code execution or contact with remote servers. These lookups are: - script -\n execute expressions using the JVM script execution engine (javax.script) - dns - resolve dns records -\n url - load values from urls, including from remote servers Applications using the interpolation defaults\n in the affected versions may be vulnerable to remote code execution or unintentional contact with remote\n servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons\n Text 1.10.0, which disables the problematic interpolators by default. (CVE-2022-42889)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202301-05\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=877577\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Apache Commons Text users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=dev-java/commons-text-1.10.0\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42889\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:commons-text\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'dev-java/commons-text',\n 'unaffected' : make_list(\"ge 1.10.0\"),\n 'vulnerable' : make_list(\"lt 1.10.0\")\n }\n];\n\nforeach var package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Apache Commons Text');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-11T12:07:29", "description": "The version of Apache Commons Text on the remote host is 1.5.x < 1.10.0. It is, therefore, affected by a remote code execution vulnerability due to unsafe script evaluation in the StringSubstitutor default interpolator. \n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-19T00:00:00", "type": "nessus", "title": "Apache Commons Text 1.5.x < 1.10.0 Remote Code Execution (CVE-2022-42889)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42889"], "modified": "2023-10-09T00:00:00", "cpe": ["cpe:/a:apache:commons_text"], "id": "APACHE_COMMONS_TEXT_1_10_0.NASL", "href": "https://www.tenable.com/plugins/nessus/166250", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166250);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/09\");\n\n script_cve_id(\"CVE-2022-42889\");\n\n script_name(english:\"Apache Commons Text 1.5.x < 1.10.0 Remote Code Execution (CVE-2022-42889)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A package installed on the remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Commons Text on the remote host is 1.5.x < 1.10.0. It is, therefore, affected by a remote code\nexecution vulnerability due to unsafe script evaluation in the StringSubstitutor default interpolator. \n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?06368034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2022/10/13/4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Commons Text 1.10.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42889\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:commons_text\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_commons_text_jar_detect.nbin\");\n script_require_keys(\"installed_sw/Apache Commons Text\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app = 'Apache Commons Text';\n\nvar app_info = vcf::get_app_info(app:app);\n\nvar constraints = [\n {'min_version':'1.5', 'fixed_version':'1.10.0'},\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-25T15:56:40", "description": "The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory.\n\n - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Google Protobuf-Java)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway (CVE-2022-3171) \n - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (jackson-databind)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. (CVE-2022-42003)\n\n - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons Text)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. (CVE-2022-42889)\n\n - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI).\n Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data. (CVE-2023-21888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-20T00:00:00", "type": "nessus", "title": "Oracle Primavera Gateway (Jan 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3171", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2023-21888"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/a:oracle:primavera_gateway"], "id": "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2023.NASL", "href": "https://www.tenable.com/plugins/nessus/170194", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170194);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\n \"CVE-2022-3171\",\n \"CVE-2022-42003\",\n \"CVE-2022-42004\",\n \"CVE-2022-42889\",\n \"CVE-2023-21888\"\n );\n script_xref(name:\"IAVA\", value:\"2023-A-0049\");\n script_xref(name:\"IAVA\", value:\"2023-A-0559\");\n\n script_name(english:\"Oracle Primavera Gateway (Jan 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in\nthe January 2023 CPU advisory.\n\n - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin\n (Google Protobuf-Java)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15,\n 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker\n with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera\n Gateway (CVE-2022-3171)\n \n - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin\n (jackson-databind)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15,\n 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker\n with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera\n Gateway. (CVE-2022-42003)\n\n - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin\n (Apache Commons Text)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15,\n 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker\n with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can\n result in takeover of Primavera Gateway. (CVE-2022-42889)\n\n - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI).\n Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and\n 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via\n HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact\n additional products (scope change). Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read\n access to a subset of Primavera Gateway accessible data. (CVE-2023-21888)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2023 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42889\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_gateway\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_gateway.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Gateway\");\n script_require_ports(\"Services/www\", 8006);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nget_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);\n\nvar port = get_http_port(default:8006);\n\nvar app_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nvar constraints = [\n { 'min_version' : '18.8.0', 'fixed_version' : '18.8.16', 'fixed_display':'See vendor advisory' },\n { 'min_version' : '19.12.0', 'fixed_version' : '19.12.16' },\n { 'min_version' : '20.12.0', 'fixed_version' : '20.12.11' },\n { 'min_version' : '21.12.0', 'fixed_version' : '21.12.9' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-25T15:57:27", "description": "The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory.\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server (Apache Commons Text)). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-42889) \n - Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security).\n Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. (CVE-2023-21832)\n\n - Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security).\n Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. (CVE-2023-21846)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-24T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Publisher (OAS) (Jan 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24329", "CVE-2022-25647", "CVE-2022-42889", "CVE-2023-21832", "CVE-2023-21846", "CVE-2023-21861", "CVE-2023-21891", "CVE-2023-21892"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:business_intelligence_publisher"], "id": "ORACLE_BI_PUBLISHER_OAS_CPU_JAN_2023.NASL", "href": "https://www.tenable.com/plugins/nessus/170496", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170496);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\n \"CVE-2022-24329\",\n \"CVE-2022-25647\",\n \"CVE-2022-42889\",\n \"CVE-2023-21832\",\n \"CVE-2023-21846\",\n \"CVE-2023-21861\",\n \"CVE-2023-21891\",\n \"CVE-2023-21892\"\n );\n script_xref(name:\"IAVA\", value:\"2023-A-0558\");\n\n script_name(english:\"Oracle Business Intelligence Publisher (OAS) (Jan 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Oracle Business Intelligence Enterprise Edition (OAS) installed\non the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory.\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware\n (component: Analytics Server (Apache Commons Text)). Supported versions that are affected are 5.9.0.0.0\n and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via\n HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this\n vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-42889)\n \n - Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security).\n Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise \n Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI\n Publisher. (CVE-2023-21832)\n\n - Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security).\n Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI\n Publisher. (CVE-2023-21846)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the Jan 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24329\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42889\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence_publisher\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_bi_publisher_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Publisher\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Business Intelligence Publisher');\n\nvar constraints = [\n # Oracle Analytics Server 5.9 / 6.4\n {'min_version': '12.2.5.9.0', 'fixed_version': '12.2.5.9.221222', 'patch': '34920573', 'bundle': '34976621'},\n {'min_version': '12.2.6.4.0', 'fixed_version': '12.2.6.4.230104', 'patch': '34947706', 'bundle': '34976645'}\n];\n\nvcf::oracle_bi_publisher::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:00:59", "description": "The versions of Oracle Business Intelligence Enterprise Edition (OBIEE) (OAS) installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory.\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Commons BeanUtils)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2019-10086)\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (zlib)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-37434)\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Application Archive (Apache Commons Text)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-42889)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-25T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Enterprise Edition (OAS) (Apr 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000656", "CVE-2019-10086", "CVE-2021-27568", "CVE-2021-4048", "CVE-2021-40690", "CVE-2021-41184", "CVE-2022-1587", "CVE-2022-31160", "CVE-2022-32215", "CVE-2022-37434", "CVE-2022-42003", "CVE-2022-42889", "CVE-2023-21910", "CVE-2023-21952", "CVE-2023-21965"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/a:oracle:business_intelligence"], "id": "ORACLE_OBIEE_CPU_APR_2023_OAS.NASL", "href": "https://www.tenable.com/plugins/nessus/174743", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174743);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\n \"CVE-2018-1000656\",\n \"CVE-2019-10086\",\n \"CVE-2021-27568\",\n \"CVE-2021-4048\",\n \"CVE-2021-40690\",\n \"CVE-2021-41184\",\n \"CVE-2022-1587\",\n \"CVE-2022-31160\",\n \"CVE-2022-32215\",\n \"CVE-2022-37434\",\n \"CVE-2022-42003\",\n \"CVE-2022-42889\",\n \"CVE-2023-21910\",\n \"CVE-2023-21952\",\n \"CVE-2023-21965\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"IAVA\", value:\"2023-A-0556\");\n script_xref(name:\"IAVA\", value:\"2023-A-0558\");\n script_xref(name:\"IAVA\", value:\"2023-A-0559\");\n\n script_name(english:\"Oracle Business Intelligence Enterprise Edition (OAS) (Apr 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Oracle Business Intelligence Enterprise Edition (OBIEE) (OAS) installed\non the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory.\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics \n (component: Analytics Server (Apache Commons BeanUtils)). The supported version that is affected is \n 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP \n to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability \n can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence \n Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business \n Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of \n service (partial DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2019-10086)\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics \n (component: Analytics Server (zlib)). The supported version that is affected is 6.4.0.0.0. Easily \n exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise \n Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in \n takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-37434)\n\n - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics \n (component: BI Application Archive (Apache Commons Text)). The supported version that is affected is \n 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP \n to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability \n can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2022-42889)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10086\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-42889\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_analytics_server_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Analytics Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Analytics Server');\n\nvar constraints = [\n {'min_version': '6.4.0.0.0', 'fixed_version': '6.4.0.0.230404', 'fixed_display': '6.4.0.0.230404 patch: 35253109'}\n];\n\nvcf::check_version_and_report(app_info: app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-25T15:56:39", "description": "The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory.\n\n - Vulnerability in the Oracle Database - Machine Learning for Python (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Database User privilege with network access via Oracle Net to compromise Oracle Database - Machine Learning for Python (Python). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database - Machine Learning for Python (Python). (CVE-2021-3737)\n\n - Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. (CVE-2023-21829)\n\n - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. (CVE-2022-39429)\n\n - Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. (CVE-2023-21827)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-20T00:00:00", "type": "nessus", "title": "Oracle Database Server for Unix (Jan 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25032", "CVE-2020-10735", "CVE-2020-10878", "CVE-2021-29338", "CVE-2021-3737", "CVE-2021-37750", "CVE-2022-1122", "CVE-2022-21597", "CVE-2022-3171", "CVE-2022-39429", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2022-45047", "CVE-2023-21827", "CVE-2023-21829"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_JAN_2023.NASL", "href": "https://www.tenable.com/plugins/nessus/170191", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170191);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\n \"CVE-2018-25032\",\n \"CVE-2020-10735\",\n \"CVE-2020-10878\",\n \"CVE-2021-3737\",\n \"CVE-2021-29338\",\n \"CVE-2021-37750\",\n \"CVE-2022-1122\",\n \"CVE-2022-3171\",\n \"CVE-2022-21597\",\n \"CVE-2022-39429\",\n \"CVE-2022-42003\",\n \"CVE-2022-42004\",\n \"CVE-2022-42889\",\n \"CVE-2022-45047\",\n \"CVE-2023-21827\",\n \"CVE-2023-21829\"\n );\n script_xref(name:\"IAVA\", value:\"2023-A-0035-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"IAVA\", value:\"2023-A-0559\");\n\n script_name(english:\"Oracle Database Server for Unix (Jan 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as\nreferenced in the January 2023 CPU advisory.\n\n - Vulnerability in the Oracle Database - Machine Learning for Python (Python) component of Oracle Database\n Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low\n privileged attacker having Database User privilege with network access via Oracle Net to compromise Oracle\n Database - Machine Learning for Python (Python). Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database -\n Machine Learning for Python (Python). (CVE-2021-3737)\n\n - Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported\n versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged\n attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database\n RDBMS Security. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification\n access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read\n access to a subset of Oracle Database RDBMS Security accessible data. (CVE-2023-21829)\n\n - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are\n 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure\n privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n Java VM. (CVE-2022-39429)\n\n - Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported\n versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged\n attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database\n Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Oracle Database Data Redaction accessible data. (CVE-2023-21827)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score from CVE-2023-21829\");\n script_set_attribute(attribute:\"cvss3_score_rationale\", value:\"Score from CVE-2021-3737\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_rdbms::get_app_info();\n\nvar constraints = [\n # RDBMS:\n {'min_version': '21.0', 'fixed_version': '21.9.0.0.230117', 'missing_patch':'34839741', 'os':'unix', 'component':'db'},\n\n {'min_version': '19.0', 'fixed_version': '19.16.2.0.230117', 'missing_patch':'34771828', 'os':'unix', 'component':'db'},\n {'min_version': '19.17', 'fixed_version': '19.18.0.0.230117', 'missing_patch':'34765931', 'os':'unix', 'component':'db'},\n\n # OJVM:\n {'min_version': '19.0', 'fixed_version': '19.18.0.0.230117', 'missing_patch':'34786990', 'os':'unix', 'component':'ojvm'},\n];\n\nvcf::oracle_rdbms::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-25T15:56:59", "description": "The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory.\n\n - Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform.\n (CVE-2023-21893)\n\n - Vulnerability in the Oracle Database - Machine Learning for Python (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Database User privilege with network access via Oracle Net to compromise Oracle Database - Machine Learning for Python (Python). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database - Machine Learning for Python (Python). (CVE-2021-3737)\n\n - Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. (CVE-2023-21829)\n\n - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. (CVE-2022-39429)\n\n - Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. (CVE-2023-21827)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-20T00:00:00", "type": "nessus", "title": "Oracle Database Server for Windows (Jan 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25032", "CVE-2020-10735", "CVE-2020-10878", "CVE-2021-29338", "CVE-2021-3737", "CVE-2021-37750", "CVE-2022-1122", "CVE-2022-21597", "CVE-2022-3171", "CVE-2022-39429", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2022-45047", "CVE-2023-21827", "CVE-2023-21829", "CVE-2023-21893"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_JAN_2023_WIN.NASL", "href": "https://www.tenable.com/plugins/nessus/170192", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170192);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\n \"CVE-2018-25032\",\n \"CVE-2020-10735\",\n \"CVE-2020-10878\",\n \"CVE-2021-3737\",\n \"CVE-2021-29338\",\n \"CVE-2021-37750\",\n \"CVE-2022-1122\",\n \"CVE-2022-3171\",\n \"CVE-2022-21597\",\n \"CVE-2022-39429\",\n \"CVE-2022-42003\",\n \"CVE-2022-42004\",\n \"CVE-2022-42889\",\n \"CVE-2022-45047\",\n \"CVE-2023-21827\",\n \"CVE-2023-21829\",\n \"CVE-2023-21893\"\n );\n script_xref(name:\"IAVA\", value:\"2023-A-0035-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"IAVA\", value:\"2023-A-0559\");\n\n script_name(english:\"Oracle Database Server for Windows (Jan 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as\nreferenced in the January 2023 CPU advisory.\n\n - Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions\n that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with\n network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human\n interaction from a person other than the attacker. Successful attacks of this vulnerability can result in\n takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform.\n (CVE-2023-21893)\n\n - Vulnerability in the Oracle Database - Machine Learning for Python (Python) component of Oracle Database\n Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low\n privileged attacker having Database User privilege with network access via Oracle Net to compromise Oracle\n Database - Machine Learning for Python (Python). Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database -\n Machine Learning for Python (Python). (CVE-2021-3737)\n\n - Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported\n versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged\n attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database\n RDBMS Security. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification\n access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read\n access to a subset of Oracle Database RDBMS Security accessible data. (CVE-2023-21829)\n\n - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are\n 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure\n privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n Java VM. (CVE-2022-39429)\n\n - Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported\n versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged\n attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database\n Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Oracle Database Data Redaction accessible data. (CVE-2023-21827)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score from CVE-2023-21829\");\n script_set_attribute(attribute:\"cvss3_score_rationale\", value:\"Score from CVE-2023-21893\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_rdbms::get_app_info();\n\nvar constraints = [\n # RDBMS:\n {'min_version': '21.0', 'fixed_version': '21.9.0.0.230117', 'missing_patch':'34750812', 'os':'win', 'component':'db'},\n\n {'min_version': '19.0', 'fixed_version': '19.18.0.0.230117', 'missing_patch':'34750795', 'os':'win', 'component':'db'},\n\n # OJVM:\n {'min_version': '19.0', 'fixed_version': '19.18.0.0.230117', 'missing_patch':'34786990', 'os':'win', 'component':'ojvm'}\n];\n\nvcf::oracle_rdbms::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T01:17:29", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2097 advisory.\n\n - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.\n Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond. (CVE-2022-1471)\n\n - An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. (CVE-2022-22577)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. (CVE-2022-23514)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1. (CVE-2022-23515)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized. (CVE-2022-23516)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4. (CVE-2022-23517)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4. (CVE-2022-23518)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both math and style elements, or allow both svg and style elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include math or svg and style should either upgrade or use the following workaround immediately: Remove style from the overridden allowed tags, or remove math and svg from the overridden allowed tags. (CVE-2022-23519)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both select and style elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both select and style should either upgrade or use this workaround: Remove either select or style from the overridden allowed tags. NOTE: Code is\n _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize. (CVE-2022-23520)\n\n - The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. (CVE-2022-25857)\n\n - A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. (CVE-2022-27777)\n\n - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z`. (CVE-2022-31163)\n\n - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE. (CVE-2022-32224)\n\n - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns\n - resolve dns records - url - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. (CVE-2022-33980)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. (CVE-2022-38752)\n\n - In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. (CVE-2022-41323)\n\n - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.\n (CVE-2022-41946)\n\n - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 (CVE-2022-42003)\n\n - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)\n\n - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns - resolve dns records - url - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. (CVE-2022-42889)\n\n - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.\n (CVE-2023-23969)\n\n - An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of- service attack. (CVE-2023-24580)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-05T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : Satellite 6.13 Release (Important) (RLSA-2023:2097)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1471", "CVE-2022-22577", "CVE-2022-23514", "CVE-2022-23515", "CVE-2022-23516", "CVE-2022-23517", "CVE-2022-23518", "CVE-2022-23519", "CVE-2022-23520", "CVE-2022-25857", "CVE-2022-27777", "CVE-2022-31163", "CVE-2022-32209", "CVE-2022-32224", "CVE-2022-33980", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-41323", "CVE-2022-41946", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2023-23969", "CVE-2023-24580"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:libdb-cxx", "p-cpe:/a:rocky:linux:libdb-cxx-debuginfo", "p-cpe:/a:rocky:linux:libdb-debuginfo", "p-cpe:/a:rocky:linux:libdb-debugsource", "p-cpe:/a:rocky:linux:libdb-sql-debuginfo", "p-cpe:/a:rocky:linux:libdb-sql-devel-debuginfo", "p-cpe:/a:rocky:linux:libdb-utils-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2023-2097.NASL", "href": "https://www.tenable.com/plugins/nessus/175139", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2023:2097.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175139);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2022-1471\",\n \"CVE-2022-22577\",\n \"CVE-2022-23514\",\n \"CVE-2022-23515\",\n \"CVE-2022-23516\",\n \"CVE-2022-23517\",\n \"CVE-2022-23518\",\n \"CVE-2022-23519\",\n \"CVE-2022-23520\",\n \"CVE-2022-25857\",\n \"CVE-2022-27777\",\n \"CVE-2022-31163\",\n \"CVE-2022-32224\",\n \"CVE-2022-33980\",\n \"CVE-2022-38749\",\n \"CVE-2022-38750\",\n \"CVE-2022-38751\",\n \"CVE-2022-38752\",\n \"CVE-2022-41323\",\n \"CVE-2022-41946\",\n \"CVE-2022-42003\",\n \"CVE-2022-42004\",\n \"CVE-2022-42889\",\n \"CVE-2023-23969\",\n \"CVE-2023-24580\"\n );\n script_xref(name:\"RLSA\", value:\"2023:2097\");\n\n script_name(english:\"Rocky Linux 8 : Satellite 6.13 Release (Important) (RLSA-2023:2097)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2023:2097 advisory.\n\n - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.\n Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using\n SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend\n upgrading to version 2.0 and beyond. (CVE-2022-1471)\n\n - An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for\n non HTML like responses. (CVE-2022-22577)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on\n top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to\n excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of\n service through CPU resource consumption. This issue is patched in version 2.19.1. (CVE-2022-23514)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on\n top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml\n media type in data URIs. This issue is patched in version 2.19.1. (CVE-2022-23515)\n\n - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on\n top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it\n susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of\n service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to\n upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are\n sanitized. (CVE-2022-23516)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain\n configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible\n to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of\n service through CPU resource consumption. This issue has been patched in version 1.4.4. (CVE-2022-23517)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >=\n 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah\n >= 2.1.0. This issue is patched in version 1.4.4. (CVE-2022-23518)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version\n 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an\n attacker to inject content if the application developer has overridden the sanitizer's allowed tags in\n either of the following ways: allow both math and style elements, or allow both svg and style\n elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version\n 1.4.4. All users overriding the allowed tags to include math or svg and style should either upgrade\n or use the following workaround immediately: Remove style from the overridden allowed tags, or remove\n math and svg from the overridden allowed tags. (CVE-2022-23519)\n\n - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version\n 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to\n an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the\n application developer has overridden the sanitizer's allowed tags to allow both select and style\n elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version\n 1.4.4. All users overriding the allowed tags to include both select and style should either upgrade or\n use this workaround: Remove either select or style from the overridden allowed tags. NOTE: Code is\n _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper\n method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize. (CVE-2022-23520)\n\n - The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due\n missing to nested depth limitation for collections. (CVE-2022-25857)\n\n - A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to\n inject content if able to control input into specific attributes. (CVE-2022-27777)\n\n - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using\n time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data\n source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are\n defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on\n demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers\n correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later,\n `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby\n process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions\n 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path\n if their name follows the rules for a valid time zone identifier and the file has a prefix of\n `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files\n are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated\n before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression\n `\\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z`. (CVE-2022-31163)\n\n - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record <\n 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the\n database (via means like SQL injection), the ability to escalate to an RCE. (CVE-2022-32224)\n\n - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically\n evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used\n to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the\n interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances\n included interpolators that could result in arbitrary code execution or contact with remote servers. These\n lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns\n - resolve dns records - url - load values from urls, including from remote servers Applications using\n the interpolation defaults in the affected versions may be vulnerable to remote code execution or\n unintentional contact with remote servers if untrusted configuration values are used. Users are\n recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators\n by default. (CVE-2022-33980)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the\n parser is running on user supplied input, an attacker may supply content that causes the parser to crash\n by stackoverflow. (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the\n parser is running on user supplied input, an attacker may supply content that causes the parser to crash\n by stack-overflow. (CVE-2022-38752)\n\n - In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject\n to a potential denial of service attack via the locale parameter, which is treated as a regular\n expression. (CVE-2022-41323)\n\n - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either\n `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create\n a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable\n by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory\n is shared between all users on that system. Because of this, when files and directories are written into\n this directory they are, by default, readable by other users on that same system. This vulnerability does\n not allow other users to overwrite the contents of these directories or files. This is purely an\n information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7,\n this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this\n vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to\n patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a\n directory that is exclusively owned by the executing user will mitigate this vulnerability.\n (CVE-2022-41946)\n\n - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a\n check in primitive value deserializers to avoid deep wrapper array nesting, when the\n UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1\n (CVE-2022-42003)\n\n - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in\n BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is\n vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)\n\n - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and\n expanded. The standard format for interpolation is ${prefix:name}, where prefix is used to locate an\n instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with\n version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that\n could result in arbitrary code execution or contact with remote servers. These lookups are: - script -\n execute expressions using the JVM script execution engine (javax.script) - dns - resolve dns records -\n url - load values from urls, including from remote servers Applications using the interpolation defaults\n in the affected versions may be vulnerable to remote code execution or unintentional contact with remote\n servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons\n Text 1.10.0, which disables the problematic interpolators by default. (CVE-2022-42889)\n\n - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language\n headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service\n vector via excessive memory usage if the raw value of Accept-Language headers is very large.\n (CVE-2023-23969)\n\n - An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10,\n and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could\n result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-\n service attack. (CVE-2023-24580)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2023:2097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1225819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1266407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1630294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1638226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1650468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1761012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1786358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1787456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1813274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1826648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1837767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1841534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1845489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1880947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1888667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1895976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1920810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1931027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1931533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1950468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1952529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1956210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1956985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1963266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1964037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1965871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1990790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1990875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1995097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1995470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1997186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1997199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2026151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2029402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2032040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2043600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2052904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2056402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2057314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2060099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2062526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2063999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2066323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2069438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2073847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2077363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2080296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2080302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2088156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2088529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2094912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2098079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2101708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2102078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2103936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2104247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2105067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2105441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2106475\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2106753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2107758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2108997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2109634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2110551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2111159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2115970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2116375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2118651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2119053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2119155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2119911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2120640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2121210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2121288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2122617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2123593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2123696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2123835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2123932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2124419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2124520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2125424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2125444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2126905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2127180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2127470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2127998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2128038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2128256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2128864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2128894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2129950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2130596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2130698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2131312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2131369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2131839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2132452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2133343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2133615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2134283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2134682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2135244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2135247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2135418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2135435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2136130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2137318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2137350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2137539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2138887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2139209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2139418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2139441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2139545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2140628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2140807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2141810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2142514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2142555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2143451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2143497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2143515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2143695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2144044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2147579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2148433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2148813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2149990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2150009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2150261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2150311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2150380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2151935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2152609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153262\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2153751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2154184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2154397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2154512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2154734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2155221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2155392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2155527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2155911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2156294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2156295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2156941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2157627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2157869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2158738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2159776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2159963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2159967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2159974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2160752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2161304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2161776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2162129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2162130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2162678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2162736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2163788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2164989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2165482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2165848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2165952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2166966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2167685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2168967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2169299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2169402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2169633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2169858\");\n s