CVE-2022-4492 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
redhat	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Vendor	Product	Version
redhat	build_of_quarkus	-
redhat	integration_camel_for_spring_boot	-
redhat	integration_camel_k	-
redhat	integration_service_registry	-
redhat	jboss_enterprise_application_platform	7.0.0
redhat	jboss_fuse	7.0.0
redhat	migration_toolkit_for_applications	6.0
redhat	migration_toolkit_for_runtimes	-
redhat	single_sign-on	7.0
redhat	undertow	2.7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

undertow

sid	2.3.8-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

undertow

noble	needs-triage
mantic	dne
lunar	dne
kinetic	ignored
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	ignored

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

https://access.redhat.com/security/cve/CVE-2022-4492

https://bugzilla.redhat.com/show_bug.cgi?id=2153260

https://security.netapp.com/advisory/ntap-20230324-0002/

https://access.redhat.com/security/cve/CVE-2022-4492

https://bugzilla.redhat.com/show_bug.cgi?id=2153260

https://security.netapp.com/advisory/ntap-20230324-0002/