redhatcve | Redhat.com | RH:CVE-2022-40145
History: Jan 08, 2024 - 6:00 p.m.

CVE-2022-40145

2024-01-08 18:00:43
redhat.com
access.redhat.com
apache karaf
flaw
remote code execution
ldap
jdbc jndi url

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.4
Confidence: Low

EPSS: 0.001
Percentile: 38.6%

A flaw was found in Apache Karaf. This issue may allow an attacker to control the LDAP server used by the JDBC JNDI URL and execute code remotely (RCE).

Mitigation

No mitigation is currently available.
