CVE-2022-24614
PUBLISHED
CVSS 8.7 HIGH
Multiple vulnerabilities exist in IBM Security Guardium. The flaws are due to an out-of-memory error when processing very small inputs and improper input validation in the MetadataExtractor component. A remote, anonymous attacker can exploit these vulnerabilities by getting a victim to open a specially crafted JPEG file in order to trigger a denial-of-service condition. Successful exploitation requires user interaction.
EPSS 0.28% · 51.5th percentile
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.28%
51.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NetApp | NetApp ActiveIQ Unified Manager | |
| IBM | IBM Spectrum Protect Plus | 10.1 |
| IBM | IBM Security Guardium | 11.3 |
| Red Hat | Red Hat JBoss Enterprise Application Platform | <7.3.13 |
| Atlassian | Atlassian Bitbucket | <10.0.2 |
| Hitachi | Hitachi Ops Center | |
| Debian | Debian Linux | |
| Red Hat | Red Hat FUSE | <7.11.0 |
| IBM | IBM QRadar SIEM | 7.5 |
| Red Hat | Red Hat Enterprise Linux | |
| Atlassian | Atlassian Bitbucket | <8.19.25 (LTS) |
| IBM | IBM Security Guardium | 11.5 |
| Red Hat | Red Hat JBoss Enterprise Application Platform | <7.1.10 |
| EMC | EMC Avamar | |
| Atlassian | Atlassian Bitbucket | <9.4.13 (LTS) |
| IBM | IBM QRadar SIEM | 7.4 |
| IBM | IBM Security Guardium | 11.4 |
| IBM | IBM QRadar SIEM | |
Exploit Intelligence
Timeline
- Feb 24, 2022 CVE Published
- Feb 25, 2022 EPSS Score
- Apr 18, 2022 EPSS Score
- Jun 9, 2022 EPSS Score
- Aug 1, 2022 EPSS Score
- Sep 21, 2022 EPSS Score
- Nov 12, 2022 EPSS Score
- Jan 3, 2023 EPSS Score
- Feb 24, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- Jun 8, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0607.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0607 advisory
- https://access.redhat.com/errata/RHSA-2022:5532 advisory
- https://access.redhat.com/errata/RHSA-2022:5596 advisory
- https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-125/index.html advisory
- https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-124/index.html advisory
- https://lists.debian.org/debian-security-announce/2022/msg00165.html advisory
- https://access.redhat.com/errata/RHSA-2022:5903 advisory
- https://access.redhat.com/errata/RHSA-2022:6787 advisory
- https://access.redhat.com/errata/RHSA-2022:6783 advisory
- https://access.redhat.com/errata/RHSA-2022:6782 advisory
- https://access.redhat.com/errata/RHSA-2022:6822 advisory
- https://access.redhat.com/errata/RHSA-2022:6823 advisory
- https://access.redhat.com/errata/RHSA-2022:6825 advisory
- https://access.redhat.com/errata/RHSA-2022:6821 advisory
- https://access.redhat.com/errata/RHSA-2022:6813 advisory
- https://access.redhat.com/errata/RHSA-2022:6835 advisory
- https://security.netapp.com/advisory/ntap-20221014-0006/ advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-14/ advisory
- https://access.redhat.com/errata/RHSA-2022:7177 advisory
…and 22 more