CVE-2022-4039
PUBLISHED
CVSS 8 HIGH
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
EPSS 0.12% · 30.8th percentile
Risk Scores
- CVSS 3.1: 8 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
- EPSS Score: 0.12% (30.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | RHEL-8 based Middleware Containers | 7.6-20 |
| redhat | single_sign-on | 7.0 |
| redhat | openshift_container_platform | 4.9, 4.10 |
| redhat | openshift_container_platform_for_linuxone | 4.10, 4.9 |
| redhat | openshift_container_platform_for_power | 4.9, 4.10 |
| Red Hat | Red Hat Single Sign-On 7 | |
| redhat | openshift_container_platform_for_ibm_z | 4.10, 4.9 |
Exploit Intelligence
- RHSA-2023:1047 (circl)
- https://access.redhat.com/security/cve/CVE-2022-4039 (circl)
- RHBZ#2143416 (circl)
Timeline
- Sep 22, 2023 CVE Published
- Sep 23, 2023 EPSS Score
- Oct 25, 2023 EPSS Score
- Nov 26, 2023 EPSS Score
- Dec 28, 2023 EPSS Score
- Jan 29, 2024 EPSS Score
- Mar 1, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- May 4, 2024 EPSS Score
- Jun 6, 2024 EPSS Score
- Jul 8, 2024 EPSS Score
- Aug 9, 2024 EPSS Score
References
- RHSA-2023:1047 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2022-4039 vdb
- RHBZ#2143416 issue
- https://nvd.nist.gov/vuln/detail/CVE-2022-4039 advisory