VDB
CVE-2022-22970
CVE-2022-22970
PUBLISHED
CVSS 8.699999809265137 HIGH
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
EPSS 0.16% · 37.1th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.16%
37.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Communications 22.2.3 | |
| Oracle | Oracle Communications 22.1.0 | |
| IBM | IBM QRadar SIEM 7.5 | |
| Oracle | Oracle Communications <=22.4.0 | |
| Oracle | Oracle Communications 22.3.2 | |
| Oracle | Oracle Communications 22.0.0.0.0 | |
| Oracle | Oracle Communications 22.1.0.0.0 | |
| Red Hat | Red Hat FUSE <7.11.0 | |
| IBM | IBM Security Guardium 11.5 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform <7.1.10 | |
| Oracle | Oracle Communications 1.11.0 | |
| Atlassian | Atlassian Bitbucket <8.19.25 (LTS) | |
| Red Hat | Red Hat Enterprise Linux | |
| Debian | Debian Linux | |
| Oracle | Oracle Communications 8.0.0 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform <7.3.13 | |
| Atlassian | Atlassian Bitbucket <10.0.2 | |
| Oracle | Oracle Communications 10.4.0.4.1 | |
| IBM | IBM Spectrum Protect Plus 10.1 | |
| Oracle | Oracle Communications 22.2.1 |
…and 23 more
Exploit Intelligence
- Performant-Labs/CVE-2022-22970 (github-poc-repo)
- Performant-Labs/CVE-2022-22970 (github-poc-repo)
- Performant-Labs/CVE-2022-22970 (github-poc-repo)
- Performant-Labs/CVE-2022-22970 (github-poc-repo)
- Performant-Labs/CVE-2022-22970 (github-poc-repo)
- Performant-Labs/CVE-2022-22970 (github-poc-repo)
- Performant-Labs/CVE-2022-22970 (github-poc-repo)
- Performant-Labs/CVE-2022-22970 (github-poc)
- Performant-Labs/CVE-2022-22970 (github-poc)
- Performant-Labs/CVE-2022-22970 (github-poc)
…and 9 more exploits
Timeline
- May 10, 2022 CVE Published
- May 13, 2022 EPSS Score
- Jul 1, 2022 EPSS Score
- Oct 9, 2022 EPSS Score
- Nov 27, 2022 EPSS Score
- Jan 15, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 23, 2023 EPSS Score
- Jun 12, 2023 EPSS Score
- Jul 31, 2023 EPSS Score
- Nov 6, 2023 EPSS Score
- Dec 25, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0361.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0361 advisory
- https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now advisory
- https://security.netapp.com/advisory/ntap-20220616-0006/ advisory
- https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities advisory
- https://www.ibm.com/support/pages/node/7144861 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0809.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0809 advisory
- https://www.ibm.com/support/pages/node/6967283 advisory
- https://www.ibm.com/support/pages/node/6967333 advisory
- https://www.ibm.com/support/pages/node/6980799 advisory
- https://www.ibm.com/support/pages/node/7108657 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-5ecc250449 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0528.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0528 advisory
- https://www.dell.com/support/kbdoc/000222618/dsa-2024-= advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0607.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0607 advisory
- https://access.redhat.com/errata/RHSA-2022:5532 advisory
- https://access.redhat.com/errata/RHSA-2022:5596 advisory
…and 45 more