CVE-2022-37734
PUBLISHED
CVSS 9.3 CRITICAL
A vulnerability exists in IBM Maximo Asset Management. The issue lies in GraphQL Java. Processing a specially crafted request with directive overloading can cause uncontrolled resource consumption. A remote, anonymous attacker can exploit this vulnerability to cause a denial of service.
EPSS 1.19% · 79.1th percentile
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
1.19%
79.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux | |
| Red Hat | Red Hat OpenShift container platform 4.0.51 | |
| IBM | IBM WebSphere Application Server | |
| Red Hat | Red Hat OpenShift build of Eclipse Vert.x <4.3. | |
| Red Hat | Red Hat JBoss A-MQ Clients 3 | |
| IBM | IBM TXSeries 8.1 | |
| Dell | Dell NetWorker | |
| IBM | IBM TXSeries 8.2 | |
| IBM | IBM Maximo Asset Management 7.6.1.3 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| IBM | IBM TXSeries 9.1 | |
| IBM | IBM Maximo Asset Management 7.6.1.2 | |
| Oracle | Oracle Linux | |
| Amazon | Amazon Linux 2 | |
Timeline
- Sep 12, 2022 CVE Published
- Sep 13, 2022 EPSS Score
- Oct 28, 2022 EPSS Score
- Dec 12, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 12, 2023 EPSS Score
- Apr 26, 2023 EPSS Score
- Jun 10, 2023 EPSS Score
- Jul 25, 2023 EPSS Score
- Aug 8, 2023 CVE Updated
- Oct 22, 2023 EPSS Score
- Dec 6, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1635.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1635 advisory
- https://access.redhat.com/errata/RHSA-2022:6757 advisory
- https://access.redhat.com/errata/RHSA-2022:6820 advisory
- https://access.redhat.com/errata/RHSA-2022:6835 advisory
- http://linux.oracle.com/errata/ELSA-2022-6820.html advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-denial-of-service-due-to-graphql-java-cve-2022-37734/ advisory
- https://access.redhat.com/errata/RHSA-2022:8524 advisory
- https://access.redhat.com/errata/RHSA-2022:8652 advisory
- https://access.redhat.com/errata/RHSA-2022:8876 advisory
- https://access.redhat.com/errata/RHSA-2022:9023 advisory
- https://access.redhat.com/errata/RHSA-2023:0189 advisory
- https://www.ibm.com/support/pages/node/6856687 advisory
- https://access.redhat.com/errata/RHSA-2023:0560 advisory
- https://access.redhat.com/errata/RHSA-2023:1049 advisory
- https://access.redhat.com/errata/RHSA-2023:1043 advisory
- https://access.redhat.com/errata/RHSA-2023:1045 advisory
- https://access.redhat.com/errata/RHSA-2023:1047 advisory
- https://access.redhat.com/errata/RHSA-2023:1044 advisory
- https://access.redhat.com/errata/RHSA-2023:1513 advisory
…and 14 more