CVE-2022-4039 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-4039 PUBLISHED CVSS 8 HIGH

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

EPSS 0.12% · 31.2th percentile

Risk Scores

CVSS v3.1

8

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.12%

31.2th percentile

Affected Products

Vendor	Product	Versions
Red Hat	RHEL-8 based Middleware Containers	7.6-20
redhat	single_sign-on	7.0
redhat	openshift_container_platform	4.9, 4.10
redhat	openshift_container_platform_for_linuxone	4.9, 4.10
redhat	openshift_container_platform_for_power	4.10, 4.9
Red Hat	Red Hat Single Sign-On 7
redhat	openshift_container_platform_for_ibm_z	4.9, 4.10

Timeline

Sep 22, 2023 CVE Published
Sep 23, 2023 EPSS Score
Oct 24, 2023 EPSS Score
Nov 25, 2023 EPSS Score
Dec 26, 2023 EPSS Score
Jan 27, 2024 EPSS Score
Feb 27, 2024 EPSS Score
Mar 30, 2024 EPSS Score
Apr 30, 2024 EPSS Score
Jun 1, 2024 EPSS Score
Jul 2, 2024 EPSS Score
Aug 3, 2024 EPSS Score

References

RHSA-2023:1047 vendor-advisory
https://access.redhat.com/security/cve/CVE-2022-4039 vdb
RHBZ#2143416 issue
https://nvd.nist.gov/vuln/detail/CVE-2022-4039 advisory

Open in Interactive Console →