CVE-2022-40609 — Vulnetix

CVE-2022-40609 PUBLISHED CVSS 8.699999809265137 HIGH

Es existiert eine Schwachstelle in IBM Java. Im Object Request Broker (ORB) besteht ein Problem aufgrund einer unsicheren Deserialisierung. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um durch das Senden speziell gestalteter Daten beliebigen Code auf dem System auszuführen.

EPSS 0.44% · 63.3th percentile

Risk Scores

CVSS 4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.44%

63.3th percentile

Affected Products

Vendor	Product	Versions
IBM	IBM Tivoli Netcool/OMNIbus 8.1.0
SUSE	SUSE Linux
IBM	IBM TXSeries for Multiplatforms 9.1
IBM	IBM Tivoli Netcool/OMNIbus <8.1.0.31
IBM	IBM Maximo Asset Management 7.6.1.3
IBM	IBM VIOS 3.1
IBM	IBM WebSphere Service Registry and Repository 8.5
IBM	IBM Security Access Manager for Enterprise Single Sign-On 8.2.1
IBM	IBM Rational Software Architect 9.7
IBM	IBM Tivoli Business Service Manager 6.2.0
IBM	IBM DB2
IBM	IBM Rational Software Architect 9.6
IBM	IBM Java <8.0.8.5
IBM	IBM Business Automation Workflow 19.0.0.1
IBM	IBM Power Hardware Management Console <10.1.1020.0 x86
IBM	IBM Informix Dynamic Server
IBM	IBM Maximo Asset Management 7.6.1.2
IBM	IBM Business Automation Workflow 18.0.0.0
IBM	IBM Business Automation Workflow 20.0.0.1
IBM	IBM Tivoli Monitoring 6.3.0

…and 32 more

Exploit Intelligence

Timeline

Jul 31, 2023 CVE Published
Aug 3, 2023 EPSS Score
Sep 6, 2023 EPSS Score
Oct 10, 2023 EPSS Score
Nov 12, 2023 EPSS Score
Dec 16, 2023 EPSS Score
Feb 8, 2024 PoC Published
Feb 22, 2024 EPSS Score
Mar 27, 2024 EPSS Score
Apr 30, 2024 EPSS Score
Jun 2, 2024 EPSS Score
Jul 6, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1930.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1930 advisory
https://www.ibm.com/support/pages/node/7017032 advisory
https://www.ibm.com/support/pages/node/7022475 advisory
https://www.ibm.com/support/pages/node/7022836 advisory
https://www.ibm.com/support/pages/node/7023275 advisory
https://www.ibm.com/support/pages/node/7024675 advisory
https://www.ibm.com/support/pages/node/7026489 advisory
https://www.ibm.com/support/pages/node/7027898 advisory
https://www.ibm.com/support/pages/node/7028404 advisory
https://lists.suse.com/pipermail/sle-security-updates/2023-August/016004.html advisory
https://lists.suse.com/pipermail/sle-security-updates/2023-August/016025.html advisory
https://www.ibm.com/support/pages/node/7029662 advisory
https://www.ibm.com/support/pages/node/7027874 advisory
https://aix.software.ibm.com/aix/efixes/security/java_aug2023_advisory.asc advisory
https://www.ibm.com/support/pages/node/7030522 advisory
https://www.ibm.com/support/pages/node/7030613 advisory
https://www.ibm.com/support/pages/node/7030664 advisory
https://www.ibm.com/support/pages/node/7029361 advisory
https://www.ibm.com/support/pages/node/7047724 advisory

…and 14 more

Open in Interactive Console →