Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2022/12/21 6:30 p.m.6 views

io.fabric8:fabric8-maven-plugin (=1.2.0.redhat-133), it.uniroma2.art.maple:maple-karaf-distribution (>=0.0.3 <=0.0.5) +2 more potentially affected by CVE-2022-40145 via org.apache.karaf:apache-karaf (>=4.4.1 <=4.4.11)

org.apache.karaf:apache-karaf MAVEN version =4.4.1, =0.0.3, =0.0.5 - org.apache.camel.karaf:camel-test-karaf =3.19.0 - org.apache.karaf.demos:web =4.1.7 Source cves: CVE-2022-40145 Source advisory: OSV:GHSA-C2P4-8MVV-RWMV...

9.8CVSS7.2AI score0.02404EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/12/21 6:30 p.m.5 views

ch.sourcepond.commons:smartswitch-tests (>=2.0.0 <=4.0.2), ch.sourcepond.io:checksum-tests (>=1.0.3 <=4.0.3) +47 more potentially affected by CVE-2022-40145 via org.apache.karaf:apache-karaf (>=2.0.0 <=4.3.7)

org.apache.karaf:apache-karaf MAVEN version =2.0.0, =2.0.0, =1.0.3, =1.0.0, =1.0.0, =1.5, =1.5.6, =4.4.1, =7.2.0, =6.3.0, =1.1.2, =1.0.0, =2.0.0, =2.0.6, =4.2.8.hyte-4280, =hyte-mq-4.3.7.hyte-43072 and more Source cves: CVE-2022-40145 Source advisory: OSV:GHSA-C2P4-8MVV-RWMV...

9.8CVSS7.2AI score0.02404EPSS
Exploits0
NVD
NVD
added 2022/12/21 4:15 p.m.39 views

CVE-2022-40145

This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtilsdoCreateDatasource use InitialContext.lookupjndiName without filtering. An us...

9.8CVSS0.02404EPSS
Exploits0References1
OSV
OSV
added 2022/12/21 3:23 p.m.32 views

CVE-2022-40145 Apache Karaf: JDBC JAAS LDAP injection

This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtilsdoCreateDatasource use InitialContext.lookupjndiName without filtering. An us...

9.8CVSS7.8AI score0.02404EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/12/21 3:23 p.m.39 views

CVE-2022-40145 Apache Karaf: JDBC JAAS LDAP injection

This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtilsdoCreateDatasource use InitialContext.lookupjndiName without filtering. An us...

10AI score0.02404EPSS
Exploits0References1
CVE
CVE
added 2022/12/21 3:23 p.m.106 views

CVE-2022-40145

Apache Karaf prior to 4.4.2 and 4.3.8 is affected by CVE-2022-40145 due to a lack of validation in JDBCUtils.doCreateDatasource when a JNDI LDAP data source URI is used. An attacker who controls the target LDAP server can trigger remote code execution by injecting a crafted JNDI name into Initial...

9.8CVSS9.9AI score0.02404EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder