VDB
CVE-2022-2191
CVE-2022-2191
PUBLISHED
CVSS 8.699999809265137 HIGH
Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.
EPSS 1.72% · 82.8th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.72%
82.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM Tivoli Network Manager 4.2.0 | |
| Eclipse | Eclipse Jetty <9.4.48 | |
| IBM | IBM Integration Bus | |
| Eclipse | Eclipse Jetty <11.0.11 | |
| IBM | IBM Rational Change 5.3.2.4 | |
| IBM | IBM Tivoli Netcool/OMNIbus 8.1.0 | |
| Hitachi | Hitachi Ops Center | |
| IBM | IBM Installation Manager 1.4-1.10.1.0 | |
| IBM | IBM QRadar SIEM 7.4 | |
| IBM | IBM InfoSphere Information Server 11.7 | |
| IBM | IBM Spectrum Protect <10.1.14 | |
| Red Hat | Red Hat Enterprise Linux | |
| JFrog | JFrog Artifactory <7.46.3 | |
| Eclipse | Eclipse Jetty <10.0.11 | |
| IBM | IBM QRadar SIEM 7.5 | |
| IBM | IBM Maximo Asset Management 7.6.1.3 | |
| Broadcom | Broadcom Brocade SANnav <2.3.1a | |
| Debian | Debian Linux |
Exploit Intelligence
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 (nist-nvd)
- owasp-exclude.xml (github-poc)
- owasp-exclude.xml (github-poc)
- owasp-exclude.xml (github-poc)
- owasp-exclude.xml (github-poc)
- owasp-exclude.xml (github-poc)
- owasp-exclude.xml (github-poc)
Timeline
- Jul 7, 2022 CVE Published
- Jul 8, 2022 EPSS Score
- Aug 25, 2022 EPSS Score
- Sep 23, 2022 CVE Updated
- Oct 12, 2022 EPSS Score
- Jan 14, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 19, 2023 EPSS Score
- Jul 22, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 25, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0614.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0614 advisory
- https://www.eclipse.org/lists/jetty-announce/msg00171.html advisory
- https://lists.debian.org/debian-security-announce/2022/msg00167.html advisory
- https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html advisory
- https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-rational-change-fix-pack-04-for-5-3-2/ advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-eclipse-jetty-affect-ibm-infosphere-information-server/ advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-14/ advisory
- https://access.redhat.com/errata/RHSA-2022:8652 advisory
- https://www.ibm.com/support/pages/node/6852233 advisory
- https://access.redhat.com/errata/RHSA-2023:0189 advisory
- https://www.ibm.com/support/pages/node/6959601 advisory
- https://www.ibm.com/support/pages/node/6965698 advisory
- https://www.ibm.com/support/pages/node/6965816 advisory
- https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-117/index.html advisory
- https://www.ibm.com/support/pages/node/7014699 advisory
- https://www.ibm.com/support/pages/node/7082766 advisory
- https://www.ibm.com/support/pages/node/7153639 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25087 advisory
…and 1 more