CVE-2022-4245
PUBLISHED
CVSS 4.3 MEDIUM
codehaus-plexus vulnerable to XML injection
EPSS 0.06% · 19.1th percentile
Risk Scores
CVSS 3.1
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.06%
19.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | A-MQ Clients 2 | |
| Red Hat | Red Hat Software Collections | |
| Red Hat | Red Hat Software Collections | |
| Red Hat | Red Hat A-MQ Online | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat JBoss Data Grid 7 | |
| Red Hat | Red Hat JBoss Fuse Service Works 6 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | |
| Red Hat | Red Hat Process Automation 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat JBoss Web Server 3 | |
| Red Hat | Red Hat support for Spring Boot | |
| redhat | integration_camel_k | 0 |
| Red Hat | Red Hat Single Sign-On 7 | |
| Red Hat | RHPAM 7.13.1 async | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Software Collections | |
| Red Hat | Red Hat build of Quarkus | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 6 | |
| Red Hat | Red Hat Software Collections | |
…and 25 more
Exploit Intelligence
- CIRCL seen: CVE-2022-4245 (circl-sighting)
- RHSA-2023:2135 (circl)
- RHSA-2023:3906 (circl)
- https://access.redhat.com/security/cve/CVE-2022-4245 (circl)
- RHBZ#2149843 (circl)
- dependency-check-suppression.xml (github-poc)
- dependency-check-suppression.xml (github-poc)
- dependency-check-suppression.xml (github-poc)
- dependency-check-suppression.xml (github-poc)
- dependency-check-suppression.xml (github-poc)
…and 1 more exploits
Timeline
- Sep 25, 2023 CVE Published
- Sep 26, 2023 CVE Updated
- Sep 26, 2023 EPSS Score
- Sep 26, 2023 PoC Published
- Oct 28, 2023 EPSS Score
- Nov 29, 2023 EPSS Score
- Dec 31, 2023 EPSS Score
- Feb 1, 2024 EPSS Score
- Mar 4, 2024 EPSS Score
- Apr 5, 2024 EPSS Score
- May 7, 2024 EPSS Score
- Jun 8, 2024 EPSS Score
References
- https://www.ibm.com/support/pages/node/7183597 advisory
- https://www.ibm.com/support/pages/node/7183584 advisory
- https://www.ibm.com/support/pages/node/7183612 advisory
- RHSA-2023:2135 vendor-advisory
- RHSA-2023:3906 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2022-4245 vdb
- RHBZ#2149843 issue
- https://nvd.nist.gov/vuln/detail/CVE-2022-4245 advisory
- https://github.com/codehaus-plexus/plexus-utils/issues/3 url
- https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de url
- https://github.com/codehaus-plexus/plexus-utils package
- https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-461102 url