Vulnerability-Lookup

CVE-2022-24772 (GCVE-0-2022-24772)

Vulnerability from cvelistv5 – Published: 2022-03-18 13:30 – Updated: 2025-04-23 18:46

Title

Improper Verification of Cryptographic Signature in `node-forge`

Summary

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/digitalbazaar/forge/commit/3f0…	x_refsource_MISC
https://github.com/digitalbazaar/forge/commit/bb8…	x_refsource_MISC
https://github.com/digitalbazaar/forge/security/a…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
digitalbazaar	forge	Affected: < 1.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.492Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:56:34.551775Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:46:10.614Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "forge",
          "vendor": "digitalbazaar",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-18T13:30:20.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
        }
      ],
      "source": {
        "advisory": "GHSA-x4jg-mjrx-434g",
        "discovery": "UNKNOWN"
      },
      "title": "Improper Verification of Cryptographic Signature in `node-forge`",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24772",
          "STATE": "PUBLIC",
          "TITLE": "Improper Verification of Cryptographic Signature in `node-forge`"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "forge",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "digitalbazaar"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347: Improper Verification of Cryptographic Signature"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1",
              "refsource": "MISC",
              "url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
            },
            {
              "name": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2",
              "refsource": "MISC",
              "url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"
            },
            {
              "name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g",
              "refsource": "CONFIRM",
              "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-x4jg-mjrx-434g",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24772",
    "datePublished": "2022-03-18T13:30:20.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:46:10.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-24772",
      "date": "2026-06-06",
      "epss": "0.00144",
      "percentile": "0.3448"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24772\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-03-18T14:15:10.353\",\"lastModified\":\"2024-11-21T06:51:03.973\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.\"},{\"lang\":\"es\",\"value\":\"Forge (tambi\u00e9n llamado \\\"node-forge\\\") es una implementaci\u00f3n nativa de Transport Layer Security en JavaScript. En versiones anteriores a 1.3.0, el c\u00f3digo de verificaci\u00f3n de firmas RSA PKCS#1 versi\u00f3n v1.5, no comprobaba los bytes de cola despu\u00e9s de descodificar una estructura ASN.1 \\\"DigestInfo\\\". Esto puede permitir que se eliminen bytes de relleno y se a\u00f1adan datos basura para falsificar una firma cuando se utiliza un exponente p\u00fablico bajo. El problema ha sido abordado en \\\"node-forge\\\" versi\u00f3n 1.3.0. Actualmente no se presentan medidas de mitigaci\u00f3n conocidas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digitalbazaar:forge:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.3.0\",\"matchCriteriaId\":\"8AB9FF47-2328-4E42-B944-DE751AD3E423\"}]}]}],\"references\":[{\"url\":\"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2022-0417

Vulnerability from csaf_certbund - Published: 2022-05-05 22:00 - Updated: 2026-06-02 22:00

Summary

Red Hat OpenShift Service Mesh: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh ausnutzen, um Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - Linux

CVE-2022-24771

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Sterling Connect:Direct Web Services IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:web_services`	Web Services
Splunk Splunk Enterprise <9.2.8 Splunk / Splunk Enterprise		<9.2.8
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat OpenShift Service Mesh <2.1.2.1 Red Hat / OpenShift		Service Mesh <2.1.2.1
Red Hat OpenShift Data Foundation <4.19 Red Hat / OpenShift		Data Foundation <4.19
Splunk Splunk Enterprise <9.4.4 Splunk / Splunk Enterprise		<9.4.4
Splunk Splunk Enterprise <9.3.6 Splunk / Splunk Enterprise		<9.3.6
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Splunk Splunk Enterprise <10.0.1 Splunk / Splunk Enterprise		<10.0.1
Red Hat OpenShift Data Foundation <4.18 Red Hat / OpenShift		Data Foundation <4.18
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-24772

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Sterling Connect:Direct Web Services IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:web_services`	Web Services
Splunk Splunk Enterprise <9.2.8 Splunk / Splunk Enterprise		<9.2.8
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat OpenShift Service Mesh <2.1.2.1 Red Hat / OpenShift		Service Mesh <2.1.2.1
Red Hat OpenShift Data Foundation <4.19 Red Hat / OpenShift		Data Foundation <4.19
Splunk Splunk Enterprise <9.4.4 Splunk / Splunk Enterprise		<9.4.4
Splunk Splunk Enterprise <9.3.6 Splunk / Splunk Enterprise		<9.3.6
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Splunk Splunk Enterprise <10.0.1 Splunk / Splunk Enterprise		<10.0.1
Red Hat OpenShift Data Foundation <4.18 Red Hat / OpenShift		Data Foundation <4.18
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-24773

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Sterling Connect:Direct Web Services IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:web_services`	Web Services
Splunk Splunk Enterprise <9.2.8 Splunk / Splunk Enterprise		<9.2.8
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat OpenShift Service Mesh <2.1.2.1 Red Hat / OpenShift		Service Mesh <2.1.2.1
Red Hat OpenShift Data Foundation <4.19 Red Hat / OpenShift		Data Foundation <4.19
Splunk Splunk Enterprise <9.4.4 Splunk / Splunk Enterprise		<9.4.4
Splunk Splunk Enterprise <9.3.6 Splunk / Splunk Enterprise		<9.3.6
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Splunk Splunk Enterprise <10.0.1 Splunk / Splunk Enterprise		<10.0.1
Red Hat OpenShift Data Foundation <4.18 Red Hat / OpenShift		Data Foundation <4.18
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-0235

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Sterling Connect:Direct Web Services IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:web_services`	Web Services
Splunk Splunk Enterprise <9.2.8 Splunk / Splunk Enterprise		<9.2.8
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat OpenShift Service Mesh <2.1.2.1 Red Hat / OpenShift		Service Mesh <2.1.2.1
Red Hat OpenShift Data Foundation <4.19 Red Hat / OpenShift		Data Foundation <4.19
Splunk Splunk Enterprise <9.4.4 Splunk / Splunk Enterprise		<9.4.4
Splunk Splunk Enterprise <9.3.6 Splunk / Splunk Enterprise		<9.3.6
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Splunk Splunk Enterprise <10.0.1 Splunk / Splunk Enterprise		<10.0.1
Red Hat OpenShift Data Foundation <4.18 Red Hat / OpenShift		Data Foundation <4.18
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2022-0536

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Sterling Connect:Direct Web Services IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:web_services`	Web Services
Splunk Splunk Enterprise <9.2.8 Splunk / Splunk Enterprise		<9.2.8
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat OpenShift Service Mesh <2.1.2.1 Red Hat / OpenShift		Service Mesh <2.1.2.1
Red Hat OpenShift Data Foundation <4.19 Red Hat / OpenShift		Data Foundation <4.19
Splunk Splunk Enterprise <9.4.4 Splunk / Splunk Enterprise		<9.4.4
Splunk Splunk Enterprise <9.3.6 Splunk / Splunk Enterprise		<9.3.6
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Splunk Splunk Enterprise <10.0.1 Splunk / Splunk Enterprise		<10.0.1
Red Hat OpenShift Data Foundation <4.18 Red Hat / OpenShift		Data Foundation <4.18
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

CVE-2021-44906

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM Sterling Connect:Direct Web Services IBM / Sterling Connect:Direct	`cpe:/a:ibm:sterling_connect%3adirect:web_services`	Web Services
Splunk Splunk Enterprise <9.2.8 Splunk / Splunk Enterprise		<9.2.8
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat OpenShift Service Mesh <2.1.2.1 Red Hat / OpenShift		Service Mesh <2.1.2.1
Red Hat OpenShift Data Foundation <4.19 Red Hat / OpenShift		Data Foundation <4.19
Splunk Splunk Enterprise <9.4.4 Splunk / Splunk Enterprise		<9.4.4
Splunk Splunk Enterprise <9.3.6 Splunk / Splunk Enterprise		<9.3.6
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Splunk Splunk Enterprise <10.0.1 Splunk / Splunk Enterprise		<10.0.1
Red Hat OpenShift Data Foundation <4.18 Red Hat / OpenShift		Data Foundation <4.18
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

References

30 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2022:1739	external
https://access.redhat.com/errata/RHSA-2022:5392	external
https://access.redhat.com/errata/RHSA-2022:5069	external
https://access.redhat.com/errata/RHSA-2022:6156	external
https://access.redhat.com/errata/RHSA-2022:6813	external
https://access.redhat.com/errata/RHSA-2022:6835	external
https://access.redhat.com/errata/RHSA-2022:8652	external
https://access.redhat.com/errata/RHSA-2023:0612	external
https://access.redhat.com/errata/RHSA-2023:1043	external
https://access.redhat.com/errata/RHSA-2023:1049	external
https://access.redhat.com/errata/RHSA-2023:1044	external
https://access.redhat.com/errata/RHSA-2023:1047	external
https://access.redhat.com/errata/RHSA-2023:1045	external
https://access.redhat.com/errata/RHSA-2023:1742	external
https://advisory.splunk.com//advisories/SVD-2025-1007	external
https://access.redhat.com/errata/RHSA-2025:21368	external
https://access.redhat.com/errata/RHSA-2025:21378	external
https://access.redhat.com/errata/RHSA-2025:21704	external
https://confluence.atlassian.com/security/securit…	external
https://access.redhat.com/errata/RHSA-2025:22415	external
https://access.redhat.com/errata/RHSA-2025:22416	external
https://access.redhat.com/errata/RHSA-2025:22418	external
https://access.redhat.com/errata/RHSA-2025:22420	external
https://www.ibm.com/support/pages/node/7271910	external
https://www.ibm.com/support/pages/node/7274847	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh ausnutzen, um Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0417 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0417.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0417 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0417"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2144-1 vom 2022-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011319.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2146-1 vom 2022-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011320.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2144-1 vom 2022-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011321.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1739 vom 2022-05-05",
        "url": "https://access.redhat.com/errata/RHSA-2022:1739"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5392 vom 2022-06-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:5392"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5069 vom 2022-08-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:5069"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6156 vom 2022-08-24",
        "url": "https://access.redhat.com/errata/RHSA-2022:6156"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6813 vom 2022-10-05",
        "url": "https://access.redhat.com/errata/RHSA-2022:6813"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6835 vom 2022-10-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6835"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8652"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0612 vom 2023-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2023:0612"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1043"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1049"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1044"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1047"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1045"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1742 vom 2023-04-12",
        "url": "https://access.redhat.com/errata/RHSA-2023:1742"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2025-1007 vom 2025-10-01",
        "url": "https://advisory.splunk.com//advisories/SVD-2025-1007"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:21368 vom 2025-11-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:21368"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:21378 vom 2025-11-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:21378"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:21704 vom 2025-11-18",
        "url": "https://access.redhat.com/errata/RHSA-2025:21704"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22415 vom 2025-12-01",
        "url": "https://access.redhat.com/errata/RHSA-2025:22415"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22416 vom 2025-12-01",
        "url": "https://access.redhat.com/errata/RHSA-2025:22416"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22418 vom 2025-12-01",
        "url": "https://access.redhat.com/errata/RHSA-2025:22418"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22420 vom 2025-12-01",
        "url": "https://access.redhat.com/errata/RHSA-2025:22420"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7271910 vom 2026-05-06",
        "url": "https://www.ibm.com/support/pages/node/7271910"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7274847 vom 2026-06-02",
        "url": "https://www.ibm.com/support/pages/node/7274847"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat OpenShift Service Mesh: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-03T06:12:25.586+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2022-0417",
      "initial_release_date": "2022-05-05T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-05-05T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-05-08T22:00:00.000+00:00",
          "number": "2",
          "summary": "Pr\u00e4zisierung betroffenes Produkt"
        },
        {
          "date": "2022-06-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-06-28T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-24T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-10-05T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-10-06T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-28T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-02-06T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-03-01T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-04-12T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-10-01T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2025-11-13T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-12-01T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-06-02T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "18"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Bitbucket \u003c10.0.2",
                  "product_id": "T048675"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Bitbucket 10.0.2",
                  "product_id": "T048675-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.19.25 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
                  "product_id": "T048676"
                }
              },
              {
                "category": "product_version",
                "name": "8.19.25 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket 8.19.25 (LTS)",
                  "product_id": "T048676-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.13 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
                  "product_id": "T048677"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.13 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket 9.4.13 (LTS)",
                  "product_id": "T048677-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM App Connect Enterprise",
            "product": {
              "name": "IBM App Connect Enterprise",
              "product_id": "T052517",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Web Services",
                "product": {
                  "name": "IBM Sterling Connect:Direct Web Services",
                  "product_id": "T054967",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:sterling_connect%3adirect:web_services"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Sterling Connect:Direct"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Service Mesh \u003c2.1.2.1",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh \u003c2.1.2.1",
                  "product_id": "T023122"
                }
              },
              {
                "category": "product_version",
                "name": "Service Mesh 2.1.2.1",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 2.1.2.1",
                  "product_id": "T023122-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:2.1.2.1::service_mesh"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Foundation \u003c4.19",
                "product": {
                  "name": "Red Hat OpenShift Data Foundation \u003c4.19",
                  "product_id": "T048596"
                }
              },
              {
                "category": "product_version",
                "name": "Data Foundation 4.19",
                "product": {
                  "name": "Red Hat OpenShift Data Foundation 4.19",
                  "product_id": "T048596-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:data_foundation__4.19"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Foundation \u003c4.18",
                "product": {
                  "name": "Red Hat OpenShift Data Foundation \u003c4.18",
                  "product_id": "T048598"
                }
              },
              {
                "category": "product_version",
                "name": "Data Foundation 4.18",
                "product": {
                  "name": "Red Hat OpenShift Data Foundation 4.18",
                  "product_id": "T048598-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:data_foundation__4.18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.0.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c10.0.1",
                  "product_id": "T047323"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.1",
                "product": {
                  "name": "Splunk Splunk Enterprise 10.0.1",
                  "product_id": "T047323-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:10.0.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.4",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.4.4",
                  "product_id": "T047324"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.4",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.4.4",
                  "product_id": "T047324-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.4.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.3.6",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.3.6",
                  "product_id": "T047325"
                }
              },
              {
                "category": "product_version",
                "name": "9.3.6",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.3.6",
                  "product_id": "T047325-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.3.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.8",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.2.8",
                  "product_id": "T047326"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.8",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.2.8",
                  "product_id": "T047326-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.2.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24771",
      "product_status": {
        "known_affected": [
          "67646",
          "T054967",
          "T047326",
          "T002207",
          "T052517",
          "T023122",
          "T048596",
          "T047324",
          "T047325",
          "T048677",
          "T048676",
          "T047323",
          "T048598",
          "T048675"
        ]
      },
      "release_date": "2022-05-05T22:00:00.000+00:00",
      "title": "CVE-2022-24771"
    },
    {
      "cve": "CVE-2022-24772",
      "product_status": {
        "known_affected": [
          "67646",
          "T054967",
          "T047326",
          "T002207",
          "T052517",
          "T023122",
          "T048596",
          "T047324",
          "T047325",
          "T048677",
          "T048676",
          "T047323",
          "T048598",
          "T048675"
        ]
      },
      "release_date": "2022-05-05T22:00:00.000+00:00",
      "title": "CVE-2022-24772"
    },
    {
      "cve": "CVE-2022-24773",
      "product_status": {
        "known_affected": [
          "67646",
          "T054967",
          "T047326",
          "T002207",
          "T052517",
          "T023122",
          "T048596",
          "T047324",
          "T047325",
          "T048677",
          "T048676",
          "T047323",
          "T048598",
          "T048675"
        ]
      },
      "release_date": "2022-05-05T22:00:00.000+00:00",
      "title": "CVE-2022-24773"
    },
    {
      "cve": "CVE-2022-0235",
      "product_status": {
        "known_affected": [
          "67646",
          "T054967",
          "T047326",
          "T002207",
          "T052517",
          "T023122",
          "T048596",
          "T047324",
          "T047325",
          "T048677",
          "T048676",
          "T047323",
          "T048598",
          "T048675"
        ]
      },
      "release_date": "2022-05-05T22:00:00.000+00:00",
      "title": "CVE-2022-0235"
    },
    {
      "cve": "CVE-2022-0536",
      "product_status": {
        "known_affected": [
          "67646",
          "T054967",
          "T047326",
          "T002207",
          "T052517",
          "T023122",
          "T048596",
          "T047324",
          "T047325",
          "T048677",
          "T048676",
          "T047323",
          "T048598",
          "T048675"
        ]
      },
      "release_date": "2022-05-05T22:00:00.000+00:00",
      "title": "CVE-2022-0536"
    },
    {
      "cve": "CVE-2021-44906",
      "product_status": {
        "known_affected": [
          "67646",
          "T054967",
          "T047326",
          "T002207",
          "T052517",
          "T023122",
          "T048596",
          "T047324",
          "T047325",
          "T048677",
          "T048676",
          "T047323",
          "T048598",
          "T048675"
        ]
      },
      "release_date": "2022-05-05T22:00:00.000+00:00",
      "title": "CVE-2021-44906"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-24772 (GCVE-0-2022-24772)

WID-SEC-W-2022-0417

Tags

Sightings

Nomenclature