VDB
CVE-2022-22942
CVE-2022-22942
PUBLISHED
CVSS 8.699999809265137 HIGH
In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten OpenSSL, Container Backup and Restore, Storage Agent, Client, Operations Center, Linux Kernel, MinIO , Golang Go, Java SE und in den Prozessen dsmcad, dsmc und dsmcsvc. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, beliebigen Code auszuführen, seine Rechte zu erweitern oder beliebigen Code mit Root-Rechten auszuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert erhöhte Rechte.
EPSS 13.53% · 94.3th percentile
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
13.53%
94.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Avaya Aura Session Manager | |
| Juniper | Juniper EX Series EX9200 | |
| Juniper | Juniper EX Series | |
| Red Hat | Red Hat Enterprise Linux | |
| Juniper | Juniper EX Series 4100 | |
| Ubuntu | Ubuntu Linux | |
| Juniper | Juniper Junos Space <22.2R1 | |
| Juniper | Juniper MX Series | |
| Juniper | Juniper EX Series 4400 | |
| Avaya | Avaya Aura Communication Manager | |
| Juniper | Juniper JUNOS Evolved | |
| Oracle | Oracle Linux | |
| Amazon | Amazon Linux 2 | |
| Avaya | Avaya Aura Application Enablement Services | |
| Juniper | Juniper EX Series 4600 | |
| Open Source | Open Source CentOS | |
| Juniper | Juniper SRX Series | |
| Debian | Debian Linux | |
| Juniper | Juniper JUNOS PTX Series | |
| IBM | IBM Spectrum Protect 10.1 |
…and 11 more
Timeline
- Jan 27, 2022 CVE Published
- Feb 1, 2023 PoC Published
- Dec 13, 2023 EPSS Score
- Jan 11, 2024 EPSS Score
- Feb 9, 2024 EPSS Score
- Apr 8, 2024 EPSS Score
- May 7, 2024 EPSS Score
- Jun 5, 2024 EPSS Score
- Jul 4, 2024 EPSS Score
- Sep 1, 2024 EPSS Score
- Sep 30, 2024 EPSS Score
- Oct 29, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0515.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0515 advisory
- https://ubuntu.com/security/notices/USN-6151-1 advisory
- https://www.cybersecurity-help.cz/vdb/SB2023032948 advisory
- https://www.ibm.com/support/pages/node/6596399 advisory
- https://www.ibm.com/support/pages/node/6596907 advisory
- https://www.ibm.com/support/pages/node/6596881 advisory
- https://www.ibm.com/support/pages/node/6596741 advisory
- https://www.ibm.com/support/pages/node/6596883 advisory
- https://www.ibm.com/support/pages/node/6596971 advisory
- https://www.ibm.com/support/pages/node/6596895 advisory
- https://www.ibm.com/support/pages/node/6596379 advisory
- https://www.ibm.com/support/pages/node/6596877 advisory
- https://www.ibm.com/support/pages/node/6596875 advisory
- https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-027.html advisory
- https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-029.html advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-and-denial-of-service-vulnerabilities-in-the-ibm-spectrum-protect-backup-archive-client-may-affect-ibm-spectrum-protect-for-space-management-cve-2022-22478/ advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0064.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0064 advisory
- https://supportportal.juniper.net/JSA11272 advisory
…and 100 more