CVE-2022-31147
PUBLISHED
CVSS 8.7 HIGH
A vulnerability exists in HCL BigFix Power Management. The flaw is due to improper input validation in the jQuery Validation Plugin. A remote, anonymous attacker can exploit this vulnerability to cause a Regular Expression Denial of Service (ReDoS) by sending arbitrary input to the url2 method. The vulnerability CVE-2022-31147 exists because of the incomplete fix for CVE-2021-43306.
EPSS 0.31% · 54.3th percentile
Risk Scores
CVSS v4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.31%
54.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Communications Applications | <= 12.0.6.0.0 |
| Oracle | Oracle Communications Applications | 7.5.0 |
| Oracle | Oracle Communications Applications | 7.4.2 |
| Oracle | Oracle Communications Applications | 7.4.1 |
| Oracle | Oracle Communications Applications | 7.4.2.8.0 |
| Oracle | Oracle Communications Applications | <= 12.0.0.8.0 |
| Oracle | Oracle Communications Applications | 7.4 |
| Oracle | Oracle Communications Applications | 7.4.0.7.0 |
| HCL | HCL BigFix PM | <84 |
| Oracle | Oracle Communications Applications | <= 12.0.0.7 |
| HCL | HCL BigFix Server Automation | |
| Oracle | Oracle Communications Applications | 6.3.1.0.0 |
| Oracle | Oracle Communications Applications | 7.4.0 |
| Oracle | Oracle Communications Applications | <= 5.5.19 |
| Oracle | Oracle Communications Applications | <= 6.0.3 |
| Oracle | Oracle Communications Applications | 3.0.3.2 |
| Oracle | Oracle Communications Applications | 6.0.1.0.0 |
| Oracle | Oracle Communications Applications | 15.0.0.0.0 |
| HCL | HCL BigFix Query | <4.7.0 |
| HCL | HCL BigFix WebUI | |
…and 5 more
Timeline
- Jul 5, 2022 CVE Published
- Jul 15, 2022 EPSS Score
- Aug 31, 2022 EPSS Score
- Oct 17, 2022 EPSS Score
- Dec 3, 2022 EPSS Score
- Jan 19, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 23, 2023 EPSS Score
- Jun 9, 2023 EPSS Score
- Sep 11, 2023 EPSS Score
- Oct 28, 2023 EPSS Score
- Nov 8, 2023 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0107.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0107 advisory
- https://www.oracle.com/security-alerts/cpujan2024.html#AppendixCAGBU advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1590.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1590 advisory
- https://support.hcltechsw.com/community?id=community_blog&sys_id=41c2808e1b930ad0534c4159cc4bcba7 advisory
- https://support.hcltechsw.com/community?id=community_blog&sys_id=944daab91b1786d0534c4159cc4bcb58 advisory
- https://support.hcltechsw.com/community?id=community_blog&sys_id=cef753bd1bd3c6d0534c4159cc4bcbaa advisory
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114657 advisory
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114591 advisory
- https://support.hcl-software.com/community?id=community_blog&sys_id=1af3c435fb2216d0db10f2797befdc15 advisory