VDB

CESS-2022-45047

CESS-2022-45047 PUBLISHED CVSS 9.8 CRITICAL

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

  • Nov 16, 2022 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›