VDB
CVE-2022-25168
PUBLISHED
A vulnerability exists in IBM Spectrum Scale. The FileUtil.unTar(File, File) API of Apache Hadoop does not sufficiently validate input file names. By sending specially crafted arguments, a local attacker can exploit this vulnerability to execute arbitrary commands on the system.
EPSS 3.01% · 86.9th percentile
Risk Scores
EPSS Score: 3.01% (86.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Dell PowerEdge | |
| IBM | IBM Spectrum Scale | 5.1.x |
| Dell | Dell ECS | <3.8.1.0 |
Exploit Intelligence
- druid-612f0710.json (github-poc)
Timeline
- Aug 4, 2022 CVE Published
- Aug 5, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Aug 11, 2022 CVE Updated
- Sep 20, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Dec 29, 2022 EPSS Score
- Feb 6, 2023 EPSS Score
- Feb 22, 2023 EPSS Score
- Mar 25, 2023 EPSS Score
- May 10, 2023 EPSS Score
- Jun 25, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2343.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2343 advisory
- https://www.ibm.com/support/pages/node/6844723 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794 advisory
- https://www.dell.com/support/kbdoc/000223839/dsa-2024-= advisory
- https://www.dell.com/support/kbdoc/en-us/000209268/dsa-2023-014-dell-poweredge-server-security-update-for-intel-february-2023-security-advisories-2023-1-ipu advisory