GSD-2022-24289
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-24289",
"description": "Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne\u0027s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to \u0027remote\u0027 applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.",
"id": "GSD-2022-24289"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-24289"
],
"details": "Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne\u0027s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to \u0027remote\u0027 applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.",
"id": "GSD-2022-24289",
"modified": "2023-12-13T01:19:42.590871Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-24289",
"STATE": "PUBLIC",
"TITLE": "Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cayenne",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.1",
"version_value": "4.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Panda"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne\u0027s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to \u0027remote\u0027 applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc"
},
{
"name": "[oss-security] 20220211 CVE-2022-24289: Apache Cayenne: Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "Either upgrade to Apache Cayenne 4.2 or a patched version of Java (after 6u211, 7u201, 8u191, and 11.0.1)\n\nAll versions of Apache Cayenne 4.2 have whitelisting enabled by default for the Hessian deserialization. Later versions of Java also have LDAP mitigation in place. Users can either upgrade Java or Apache Cayenne to avoid the issue.\n\nLDAP mitigation is present starting in JDK 6u211, 7u201, 8u191, and 11.0.1 where com.sun.jndi.ldap.object.trustURLCodebase system property is set to false by default to prevent JNDI from loading remote code through LDAP."
}
]
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,4.2)",
"affected_versions": "All versions before 4.2",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2022-02-18",
"description": "Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne\u0027s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to \u0027remote\u0027 applications. In Apache Cayenne 4.1, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.",
"fixed_versions": [],
"identifier": "CVE-2022-24289",
"identifiers": [
"CVE-2022-24289"
],
"not_impacted": "",
"package_slug": "maven/org.apache.cayenne/cayenne-modeler",
"pubdate": "2022-02-11",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Deserialization of Untrusted Data",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-24289",
"https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc",
"http://www.openwall.com/lists/oss-security/2022/02/11/1"
],
"uuid": "2ae5cc5f-ea9a-4f4e-8930-fc93ad0557fa"
},
{
"affected_range": "(,4.2)",
"affected_versions": "All versions before 4.2",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2022-02-18",
"description": "Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne\u0027s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to \u0027remote\u0027 applications. In Apache Cayenne, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution.",
"fixed_versions": [
"4.2"
],
"identifier": "CVE-2022-24289",
"identifiers": [
"CVE-2022-24289",
"GHSA-c58c-w527-h77p"
],
"not_impacted": "All versions starting from 4.2",
"package_slug": "maven/org.apache.cayenne/cayenne-server",
"pubdate": "2022-02-11",
"solution": "Upgrade to version 4.2 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-24289",
"https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc",
"http://www.openwall.com/lists/oss-security/2022/02/11/1",
"https://github.com/advisories/GHSA-c58c-w527-h77p"
],
"uuid": "4b806ad9-7a22-4c3c-897e-445a4c9d735a"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:cayenne:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-24289"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne\u0027s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to \u0027remote\u0027 applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/zthjy83t3o66x7xcbygn2vg3yjvlc9vc"
},
{
"name": "[oss-security] 20220211 CVE-2022-24289: Apache Cayenne: Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/1"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-02-18T01:34Z",
"publishedDate": "2022-02-11T13:15Z"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…