Details of VAR-202201-0395

ID

VAR-202201-0395

CVE

CVE-2022-23852

TITLE

Expat Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003473

DESCRIPTION

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: expat security update Advisory ID: RHSA-2022:1069-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1069 Issue date: 2022-03-28 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary: An update for expat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Expat is a C library for parsing XML documents. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, applications using the Expat library must be restarted for the update to take effect. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: expat-2.1.0-14.el7_9.src.rpm x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: expat-2.1.0-14.el7_9.src.rpm x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: expat-2.1.0-14.el7_9.src.rpm ppc64: expat-2.1.0-14.el7_9.ppc.rpm expat-2.1.0-14.el7_9.ppc64.rpm expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-devel-2.1.0-14.el7_9.ppc.rpm expat-devel-2.1.0-14.el7_9.ppc64.rpm ppc64le: expat-2.1.0-14.el7_9.ppc64le.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-devel-2.1.0-14.el7_9.ppc64le.rpm s390x: expat-2.1.0-14.el7_9.s390.rpm expat-2.1.0-14.el7_9.s390x.rpm expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-devel-2.1.0-14.el7_9.s390.rpm expat-devel-2.1.0-14.el7_9.s390x.rpm x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-static-2.1.0-14.el7_9.ppc.rpm expat-static-2.1.0-14.el7_9.ppc64.rpm ppc64le: expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-static-2.1.0-14.el7_9.ppc64le.rpm s390x: expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-static-2.1.0-14.el7_9.s390.rpm expat-static-2.1.0-14.el7_9.s390x.rpm x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: expat-2.1.0-14.el7_9.src.rpm x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7 3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh WAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD jJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW TODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29 3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV kPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX 3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe 0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU 7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd oqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb Fq9o8PxEr0c=KN+u -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64 3. Bugs fixed (https://bugzilla.redhat.com/): 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 5. Description: Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring. Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/): 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.4.9 >= 2.4.9 Description ========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9" References ========= [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically

Trust: 2.43

sources: NVD: CVE-2022-23852 // JVNDB: JVNDB-2022-003473 // VULHUB: VHN-413070 // VULMON: CVE-2022-23852 // PACKETSTORM: 166496 // PACKETSTORM: 166348 // PACKETSTORM: 168696 // PACKETSTORM: 168011 // PACKETSTORM: 168578 // PACKETSTORM: 169540 // PACKETSTORM: 169541

AFFECTED PRODUCTS

vendor:	oracle	model:	communications metasolv solution	scope:	eq	version:	6.3.1	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	libexpat	model:	libexpat	scope:	lt	version:	2.4.4	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	lt	version:	8.15.3	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	lt	version:	10.1.1	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	オラクル	model:	oracle communications metasolv solution	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	clustered data ontap	scope:	-	version:	-	Trust: 0.8
vendor:	libexpat	model:	libexpat	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	oncommand workflow automation	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	tenable	model:	nessus	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	日立高信頼サーバ rv3000	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinema remote connect server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-003473 // NVD: CVE-2022-23852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-23852
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-23852
value:	CRITICAL
Trust: 0.8
VULHUB:	VHN-413070
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-23852
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-23852
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-413070
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-23852
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-23852
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-413070 // VULMON: CVE-2022-23852 // JVNDB: JVNDB-2022-003473 // NVD: CVE-2022-23852

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-413070 // JVNDB: JVNDB-2022-003473 // NVD: CVE-2022-23852

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 168011

TYPE

overflow, code execution

Trust: 0.4

sources: PACKETSTORM: 166496 // PACKETSTORM: 166348 // PACKETSTORM: 169540 // PACKETSTORM: 169541

PATCH

title:	SSA-484086 Hitachi Server / Client Product Security Information	url:	https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html	Trust: 0.8
title:	Red Hat: Moderate: expat security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224834 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1569	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1569	Trust: 0.1
title:	Red Hat: CVE-2022-23852	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-23852	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1754	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1754	Trust: 0.1
title:	Red Hat: Important: OpenShift Virtualization 4.8.7 Images bug fixes and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226890 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: expat security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220951 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227144 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227143 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-5073-1 expat -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=131f3d669e0814049dd7f5b87ef0af84	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221039 - Security Advisory	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-028	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-028	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221734 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221041 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: Release of OpenShift Serverless Version 1.22.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221042 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221083 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-05	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221476 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225483 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221396 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Service Telemetry Framework 1.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225924 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=68c6989b84f14aaac220c13b754c7702	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	myapp-container-jaxrs	url:	https://github.com/akiraabe/myapp-container-jaxrs	Trust: 0.1

sources: VULMON: CVE-2022-23852 // JVNDB: JVNDB-2022-003473

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23852	Trust: 3.5
db:	TENABLE	id:	TNS-2022-05	Trust: 1.1
db:	SIEMENS	id:	SSA-484086	Trust: 1.1
db:	ICS CERT	id:	ICSA-22-167-17	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-278-01	Trust: 0.8
db:	JVN	id:	JVNVU99030761	Trust: 0.8
db:	JVN	id:	JVNVU97425465	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-003473	Trust: 0.8
db:	PACKETSTORM	id:	168696	Trust: 0.2
db:	PACKETSTORM	id:	166348	Trust: 0.2
db:	PACKETSTORM	id:	169540	Trust: 0.2
db:	PACKETSTORM	id:	169541	Trust: 0.2
db:	PACKETSTORM	id:	166496	Trust: 0.2
db:	PACKETSTORM	id:	168578	Trust: 0.2
db:	PACKETSTORM	id:	166431	Trust: 0.1
db:	PACKETSTORM	id:	166433	Trust: 0.1
db:	PACKETSTORM	id:	167321	Trust: 0.1
db:	PACKETSTORM	id:	167008	Trust: 0.1
db:	PACKETSTORM	id:	166437	Trust: 0.1
db:	VULHUB	id:	VHN-413070	Trust: 0.1
db:	VULMON	id:	CVE-2022-23852	Trust: 0.1
db:	PACKETSTORM	id:	168011	Trust: 0.1

sources: VULHUB: VHN-413070 // VULMON: CVE-2022-23852 // JVNDB: JVNDB-2022-003473 // PACKETSTORM: 166496 // PACKETSTORM: 166348 // PACKETSTORM: 168696 // PACKETSTORM: 168011 // PACKETSTORM: 168578 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // NVD: CVE-2022-23852

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2022-23852	Trust: 1.4
url:	https://security.gentoo.org/glsa/202209-24	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20220217-0001/	Trust: 1.1
url:	https://www.tenable.com/security/tns-2022-05	Trust: 1.1
url:	https://www.debian.org/security/2022/dsa-5073	Trust: 1.1
url:	https://github.com/libexpat/libexpat/pull/550	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html	Trust: 1.1
url:	https://jvn.jp/vu/jvnvu99030761/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu97425465/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-23852	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22826	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45960	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22822	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22827	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46143	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22825	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22823	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22824	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2022-22825	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22822	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-45960	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-25235	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22824	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-25315	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22826	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22827	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-25236	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22823	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-46143	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25315	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25236	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25235	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25032	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1271	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33193	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25313	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-36160	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39275	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-41524	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33193	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41524	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23990	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25314	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-44224	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36160	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-39275	Trust: 0.2
url:	https://access.redhat.com/errata/rhsa-2022:1069	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0951	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0494	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-29154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0494	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6890	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1271	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1353	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1353	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37750	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3867	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9805	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3894	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9807	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3899	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30761	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8743	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14502	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8743	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8823	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-10228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000858	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3900	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9894	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33938	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27618	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8782	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9952	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8846	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24407	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9915	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8783	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-36222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3326	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8813	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9806	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3885	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9802	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20305	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8764	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22946	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8769	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000858	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10018	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9895	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-14502	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15358	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8819	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3862	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13050	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3868	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29361	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9169	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3895	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3865	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3518	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33930	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14391	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3864	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9862	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3541	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33929	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29362	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14889	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8816	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8927	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3897	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8808	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13627	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3520	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20454	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27218	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22947	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11793	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9803	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3521	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9850	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-25013	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3537	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30666	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3517	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33928	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30631	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8820	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9893	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14889	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1730	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8844	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20807	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3516	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3902	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:5924	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8814	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13434	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8812	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-25013	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8815	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20454	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3901	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30762	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13050	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13627	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29363	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20807	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9925	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8720	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40674	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25314	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25313	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7144	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7143	Trust: 0.1

sources: VULHUB: VHN-413070 // JVNDB: JVNDB-2022-003473 // PACKETSTORM: 166496 // PACKETSTORM: 166348 // PACKETSTORM: 168696 // PACKETSTORM: 168011 // PACKETSTORM: 168578 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // NVD: CVE-2022-23852

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 166496 // PACKETSTORM: 166348 // PACKETSTORM: 168696 // PACKETSTORM: 168011 // PACKETSTORM: 169540 // PACKETSTORM: 169541

SOURCES

db:	VULHUB	id:	VHN-413070
db:	VULMON	id:	CVE-2022-23852
db:	JVNDB	id:	JVNDB-2022-003473
db:	PACKETSTORM	id:	166496
db:	PACKETSTORM	id:	166348
db:	PACKETSTORM	id:	168696
db:	PACKETSTORM	id:	168011
db:	PACKETSTORM	id:	168578
db:	PACKETSTORM	id:	169540
db:	PACKETSTORM	id:	169541
db:	NVD	id:	CVE-2022-23852

LAST UPDATE DATE

2024-11-20T21:12:41.223000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-413070	date:	2022-10-29T00:00:00
db:	VULMON	id:	CVE-2022-23852	date:	2022-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-003473	date:	2023-10-10T06:13:00
db:	NVD	id:	CVE-2022-23852	date:	2022-10-29T02:44:33.083

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-413070	date:	2022-01-24T00:00:00
db:	VULMON	id:	CVE-2022-23852	date:	2022-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-003473	date:	2023-02-21T00:00:00
db:	PACKETSTORM	id:	166496	date:	2022-03-28T15:54:26
db:	PACKETSTORM	id:	166348	date:	2022-03-17T15:51:32
db:	PACKETSTORM	id:	168696	date:	2022-10-12T13:22:05
db:	PACKETSTORM	id:	168011	date:	2022-08-09T14:36:05
db:	PACKETSTORM	id:	168578	date:	2022-09-30T14:56:43
db:	PACKETSTORM	id:	169540	date:	2022-10-27T13:05:19
db:	PACKETSTORM	id:	169541	date:	2022-10-27T13:05:26
db:	NVD	id:	CVE-2022-23852	date:	2022-01-24T02:15:06.733