VDB
CVE-2022-41915
CVE-2022-41915
PUBLISHED
CVSS 8.699999809265137 HIGH
In IBM Maximo Asset Management existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Netty", "Logback" und "Java on z/OS". Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder einen Cross-Site-Scripting-Angriff durchzuführen.
EPSS 0.50% · 66.3th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.50%
66.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM QRadar SIEM <7.5.0 UP10 IF02 | |
| IBM | IBM SPSS <3.5 | |
| Oracle | Oracle Communications Applications 7.4.1 | |
| Dell | Dell ECS <3.8.1.0 | |
| Oracle | Oracle Communications Applications 7.5.0 | |
| Oracle | Oracle Communications Applications <= 12.0.0.8.0 | |
| Oracle | Oracle Communications Applications 7.4.1.5.0 | |
| Oracle | Oracle Communications Applications <= 12.0.0.6.0 | |
| Oracle | Oracle Communications Applications 3.0.3.2 | |
| Oracle | Oracle Communications Applications 8.1.0.21.0 | |
| Oracle | Oracle Communications Applications <= 12.0.6.0.0 | |
| Oracle | Oracle Communications Applications 7.3.6.4 | |
| NetApp | NetApp ActiveIQ Unified Manager for Linux | |
| NetApp | NetApp ActiveIQ Unified Manager for VMware vSphere | |
| IBM | IBM DB2 | |
| Oracle | Oracle Communications Applications 7.4.0.7.0 | |
| Oracle | Oracle Communications Applications 7.4.0 | |
| Oracle | Oracle Communications Applications <= 6.0.2 | |
| Oracle | Oracle Communications Applications <= 8.0.0.7.0 | |
| Dell | Dell PowerEdge |
…and 9 more
Exploit Intelligence
- https://github.com/netty/netty/issues/13084 (nist-nvd)
Timeline
- Dec 12, 2022 CVE Published
- Dec 13, 2022 EPSS Score
- Jan 24, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 18, 2023 EPSS Score
- May 29, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
- Aug 21, 2023 EPSS Score
- Oct 2, 2023 EPSS Score
- Dec 25, 2023 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 17, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0091.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0091 advisory
- https://security.netapp.com/advisory/ntap-20230113-0004/ advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0783.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0783 advisory
- https://www.ibm.com/support/pages/node/7008449 advisory
- https://www.ibm.com/support/pages/node/6985689 advisory
- https://www.ibm.com/support/pages/node/6963560 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1813.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1813 advisory
- https://www.oracle.com/security-alerts/cpujul2023.html#AppendixCAGBU advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0519.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0519 advisory
- https://www.ibm.com/support/pages/node/7127403 advisory
- https://www.ibm.com/support/pages/node/7127436 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794 advisory
- https://www.dell.com/support/kbdoc/000223839/dsa-2024-= advisory
- https://www.dell.com/support/kbdoc/en-us/000209268/dsa-2023-014-dell-poweredge-server-security-update-for-intel-february-2023-security-advisories-2023-1-ipu advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3529.json advisory
…and 6 more