CVE-2022-4492 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Affected Products (NVD)

Vendor	Product	Version
redhat	build_of_quarkus	-
redhat	integration_camel_for_spring_boot	-
redhat	integration_camel_k	-
redhat	integration_service_registry	-
redhat	jboss_enterprise_application_platform	7.0.0
redhat	jboss_fuse	7.0.0
redhat	migration_toolkit_for_applications	6.0
redhat	migration_toolkit_for_runtimes	-
redhat	single_sign-on	7.0
redhat	undertow	2.7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

undertow

sid	2.3.8-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

undertow

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
kinetic	ignored
lunar	dne
mantic	dne
noble	needs-triage
trusty	ignored
xenial	needs-triage

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

https://access.redhat.com/security/cve/CVE-2022-4492

https://bugzilla.redhat.com/show_bug.cgi?id=2153260

https://security.netapp.com/advisory/ntap-20230324-0002/

https://access.redhat.com/security/cve/CVE-2022-4492

https://bugzilla.redhat.com/show_bug.cgi?id=2153260

https://security.netapp.com/advisory/ntap-20230324-0002/