SUSE CVE-2022-2047

🗓️ 15 Feb 2023 03:33:08Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 2 Views

CVE-2022-2047: Jetty HttpURI misclassifies invalid authority as hostname, causing proxy failures.

Reporter	Title	Published	Views	Family All 99
IBM Security Bulletins	Security Bulletin: IBM Secure External Authentication Server is vulnerable to multiple issues due to Eclipse Jetty	29 Jul 202217:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)	29 Sep 202214:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining . CVE-2022-2047	1 Feb 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in Eclipse Jetty used by IBM Maximo Asset Management (CVE-2022-2047)	2 Mar 202314:09	–	ibm
IBM Security Bulletins	Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology	7 Jun 202406:01	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities	27 Mar 202608:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	26 Oct 202218:06	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Service Tester has taken steps to mitigate these vulnerabilities.	22 Nov 202213:50	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities	11 Mar 202620:59	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	jetty-annotations	9.4.48-1.1	jetty-annotations-9.4.48-1.1.noarch.rpm
OpenSUSE Leap	15.4	any	jetty-annotations	9.4.48-150200.3.16.3	jetty-annotations-9.4.48-150200.3.16.3.noarch.rpm
OpenSUSE Tumbleweed	–	any	jetty-ant	9.4.48-1.1	jetty-ant-9.4.48-1.1.noarch.rpm
OpenSUSE Leap	15.4	any	jetty-ant	9.4.48-150200.3.16.3	jetty-ant-9.4.48-150200.3.16.3.noarch.rpm
OpenSUSE Tumbleweed	–	any	jetty-cdi	9.4.48-1.1	jetty-cdi-9.4.48-1.1.noarch.rpm
OpenSUSE Leap	15.4	any	jetty-cdi	9.4.48-150200.3.16.3	jetty-cdi-9.4.48-150200.3.16.3.noarch.rpm
OpenSUSE Tumbleweed	–	any	jetty-client	9.4.48-1.1	jetty-client-9.4.48-1.1.noarch.rpm
OpenSUSE Leap	15.4	any	jetty-client	9.4.48-150200.3.16.3	jetty-client-9.4.48-150200.3.16.3.noarch.rpm
OpenSUSE Tumbleweed	–	any	jetty-continuation	9.4.48-1.1	jetty-continuation-9.4.48-1.1.noarch.rpm
OpenSUSE Leap	15.4	any	jetty-continuation	9.4.48-150200.3.16.3	jetty-continuation-9.4.48-150200.3.16.3.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2022-2047
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1201317
lists	www.lists.suse.com/pipermail/sle-security-updates/2023-March/014085.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2023-March/014086.html
lists	www.lists.suse.com/pipermail/sle-updates/2023-March/028253.html
lists	www.lists.suse.com/pipermail/sle-updates/2023-March/028254.html

27 May 2026 05:12Current

8.6High risk

Vulners AI Score8.6

CVSS 3.12.7

EPSS0.00931

jetty httpuri proxy vulnerability 2022 2047