CVE-2022-36087
PUBLISHED
CVSS 8.7 HIGH
A vulnerability exists in IBM Spectrum Protect. The flaw is due to improper input validation in OAuthlib. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted request containing an IPv6 URI to trigger a denial-of-service condition. Successful exploitation requires user interaction.
EPSS 0.37% · 58.9th percentile
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.37%
58.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux | |
| Xerox | Xerox FreeFlow Print Server 9 | |
| Gentoo | Gentoo Linux | |
| Xerox | Xerox FreeFlow Print Server v2 | |
| Amazon | Amazon Linux 2 | |
| Debian | Debian Linux | |
| Ubuntu | Ubuntu Linux | |
| Red Hat | Red Hat OpenShift Container Platform <4.14.0 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| SUSE | SUSE openSUSE | |
| Xerox | Xerox FreeFlow Print Server 7 | |
| Fedora | Fedora Linux | |
| RESF | RESF Rocky Linux | |
| Red Hat | Red Hat OpenShift Data Foundation 4 | |
| Oracle | Oracle Linux | |
| Red Hat | Red Hat Enterprise Linux | |
Exploit Intelligence
- https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py (nist-nvd)
- https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232 (nist-nvd)
- https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7 (nist-nvd)
Timeline
- Sep 9, 2022 CVE Published
- Sep 10, 2022 EPSS Score
- Oct 25, 2022 EPSS Score
- Dec 9, 2022 EPSS Score
- Jan 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 24, 2023 EPSS Score
- Jun 8, 2023 EPSS Score
- Jul 23, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
- Oct 21, 2023 EPSS Score
- Dec 5, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2378.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2378 advisory
- https://www.ibm.com/support/pages/node/6842215 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0561.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0561 advisory
- https://security.business.xerox.com/wp-content/uploads/2023/05/Xerox-Security-Bulletin-XRX23-007-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-002-FreeFlow-Print-Server-v2_Windows10.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-001-FreeFlow%C2%AE-Print-Server-v7.pdf advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1185.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1185 advisory
- https://access.redhat.com/errata/RHSA-2023:2161 advisory
- https://access.redhat.com/errata/RHSA-2023:2177 advisory
- https://access.redhat.com/errata/RHSA-2023:2179 advisory
- https://access.redhat.com/errata/RHSA-2023:2202 advisory
- https://access.redhat.com/errata/RHSA-2023:2216 advisory
- https://access.redhat.com/errata/RHSA-2023:2234 advisory
- https://access.redhat.com/errata/RHSA-2023:2256 advisory
- https://access.redhat.com/errata/RHSA-2023:2258 advisory
- https://access.redhat.com/errata/RHSA-2023:2326 advisory
…and 58 more