CVE-2022-46363 — Vulnetix

CVE-2022-46363 PUBLISHED CVSS 8.699999809265137 HIGH

In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.

EPSS 0.12% · 30.6th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.12%

30.6th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux
Apache	Apache CXF <3.5.5
IBM	IBM Security Guardium Key Lifecycle Manager 4.1.1
Red Hat	Red Hat JBoss Enterprise Application Platform <7.1.8
IBM	IBM InfoSphere Guardium
IBM	IBM Business Automation Workflow
Red Hat	Red Hat JBoss Enterprise Application Platform <7.1.9
Apache	Apache CXF <3.4.10
IBM	IBM Tivoli Business Service Manager <6.2.0.5
Dell	Dell Data Protection Advisor <19.12 SP 1
Fedora	Fedora Linux
Dell	Dell Secure Connect Gateway <5.34.00.16
Red Hat	Red Hat JBoss Enterprise Application Platform <7.3.11
IBM	IBM TXSeries 9.1
IBM	IBM TXSeries 8.2
IBM	IBM QRadar SIEM 7.5
IBM	IBM Security Guardium Key Lifecycle Manager 4.2
IBM	IBM Security Verify Access 10.0.0.0-10.0.6.1
RealObjects	RealObjects PDFreactor <11.6.3
Red Hat	Red Hat JBoss Enterprise Application Platform <7.3.12

…and 1 more

Timeline

Apr 30, 2017 PoC Published
Jun 28, 2021 PoC Published
Apr 22, 2022 PoC Published
Dec 13, 2022 CVE Published
Dec 14, 2022 EPSS Score
Jan 25, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 8, 2023 EPSS Score
Apr 18, 2023 EPSS Score
May 30, 2023 EPSS Score
Jun 9, 2023 PoC Published
Jul 11, 2023 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2316.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2316 advisory
https://cxf.apache.org/security-advisories.data/CVE-2022-46363.txt advisory
https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt advisory
https://access.redhat.com/errata/RHSA-2023:0163 advisory
https://access.redhat.com/errata/RHSA-2023:0164 advisory
https://access.redhat.com/errata/RHSA-2023:0483 advisory
https://access.redhat.com/errata/RHSA-2023:0544 advisory
https://www.ibm.com/support/pages/node/6953767 advisory
https://access.redhat.com/errata/RHSA-2023:1047 advisory
https://access.redhat.com/errata/RHSA-2023:1045 advisory
https://access.redhat.com/errata/RHSA-2023:1044 advisory
https://access.redhat.com/errata/RHSA-2023:1043 advisory
https://access.redhat.com/errata/RHSA-2023:1049 advisory
https://www.ibm.com/support/pages/node/6962805 advisory
https://www.pdfreactor.com/product/changelog.htm advisory
https://access.redhat.com/errata/RHSA-2023:1286 advisory
https://access.redhat.com/errata/RHSA-2023:1285 advisory
https://www.ibm.com/support/pages/node/6967571 advisory
https://www.ibm.com/support/pages/node/6987357 advisory

…and 23 more

Open in Interactive Console →