VDB
CVE-2022-27778
CVE-2022-27778
PUBLISHED
CVSS 9.300000190734863 CRITICAL
FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
EPSS 1.18% · 79.1th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.18%
79.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux | |
| Splunk | Splunk Splunk Enterprise | |
| Oracle | Oracle MySQL <=8.0.30 | |
| IBM | IBM DB2 | |
| IBM | IBM Spectrum Protect Plus | |
| Atlassian | Atlassian Confluence <9.2.7 | |
| IBM | IBM AIX 7.3.1 | |
| Ubuntu | Ubuntu Linux | |
| IBM | IBM Security Guardium 11.3 | |
| IBM | IBM Security Guardium 10.5 | |
| Xerox | Xerox FreeFlow Print Server 9 | |
| Dell | Dell NetWorker <19.9.0.1 | |
| Oracle | Oracle MySQL <=7.6.22 | |
| Oracle | Oracle Linux | |
| Oracle | Oracle MySQL <= 7.5.26 | |
| Splunk | Splunk Splunk Enterprise <9.2.1 | |
| Oracle | Oracle MySQL <= 8.0.25 | |
| Oracle | Oracle MySQL <=8.0.28 | |
| Splunk | Splunk Splunk Enterprise <9.1.4 | |
| Oracle | Oracle MySQL <= 7.6.22 |
…and 34 more
Exploit Intelligence
- https://hackerone.com/reports/1553598 (nist-nvd)
- CVE-2022-27778: curl removes wrong file on error (hackerone)
- CVE-2022-27778: curl removes wrong file on error (hackerone)
- CVE-2022-27778: curl removes wrong file on error (hackerone)
- CVE-2022-27778: curl removes wrong file on error (hackerone)
- CVE-2022-27778: curl removes wrong file on error (hackerone)
- CVE-2022-27778: curl removes wrong file on error (hackerone)
- https://hackerone.com/reports/1557449 (certbund)
- CVE-2025-38062.yara (github-yara)
- CVE-2025-38062.yara (github-yara)
…and 10 more exploits
Timeline
- CVE Published
- May 11, 2022 PoC Published
- May 12, 2022 PoC Published
- Jun 2, 2022 EPSS Score
- Jul 22, 2022 EPSS Score
- Sep 8, 2022 EPSS Score
- Dec 14, 2022 EPSS Score
- Jan 20, 2023 EPSS Score
- Feb 1, 2023 EPSS Score
- Feb 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 21, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0735.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0735 advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/ advisory
- https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL advisory
- https://ubuntu.com/security/notices/USN-5537-1 advisory
- https://ubuntu.com/security/notices/USN-5537-2 advisory
- https://security.netapp.com/advisory/ntap-20220729-0004/ advisory
- https://access.redhat.com/errata/RHSA-2022:6518 advisory
- https://access.redhat.com/errata/RHSA-2022:6590 advisory
- https://linux.oracle.com/errata/ELSA-2022-6590.html advisory
- https://www.oracle.com/security-alerts/linuxbulletinoct2022.html advisory
- https://access.redhat.com/errata/RHSA-2022:7055 advisory
- https://access.redhat.com/errata/RHSA-2022:7119 advisory
- https://linux.oracle.com/errata/ELSA-2022-7119.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1424.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1424 advisory
- https://securitydocs.business.xerox.com/wp-content/uploads/2023/06/Xerox-Security-Bulletin-XRX23-009-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2025/10/Xerox-Security-Bulletin-XRX25-017-for-Xerox-FreeFlow-Print-Server-v9.pdf advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0277.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0277 advisory
…and 55 more