CVE-2022-4245 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
redhat	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Vendor	Product	Version
codehaus-plexus	plexus-utils	𝑥 < 3.0.24
redhat	integration_camel_k	𝑥 < 1.10.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

plexus-utils2

bullseye	3.3.0-1 fixed
sid	3.4.2-1 fixed
trixie	3.4.2-1 fixed
bookworm	3.4.2-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

plexus-utils2

noble	not-affected
mantic	not-affected
lunar	not-affected
jammy	not-affected
focal	not-affected
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

Common Weakness Enumeration

CWE-91 - XML Injection (aka Blind XPath Injection)
The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

https://access.redhat.com/errata/RHSA-2023:2135

https://access.redhat.com/errata/RHSA-2023:3906

https://access.redhat.com/security/cve/CVE-2022-4245

https://bugzilla.redhat.com/show_bug.cgi?id=2149843

https://access.redhat.com/errata/RHSA-2023:2135

https://access.redhat.com/errata/RHSA-2023:3906

https://access.redhat.com/security/cve/CVE-2022-4245

https://bugzilla.redhat.com/show_bug.cgi?id=2149843