Details of VAR-202201-0498

ID

VAR-202201-0498

CVE

CVE-2022-22826

TITLE

Expat Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002874

DESCRIPTION

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Expat is a fast streaming XML parser written in C. The vulnerability is caused by a boundary error when nextScaffoldPart in xmlparse.c exists when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5073-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 12, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : expat CVE ID : CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 Debian Bug : 1002994 1003474 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2. For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1. We recommend that you upgrade your expat packages. For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: xmlrpc-c security update Advisory ID: RHSA-2022:7692-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7692 Issue date: 2022-11-08 CVE Names: CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 ==================================================================== 1. Summary: An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: xmlrpc-c-1.51.0-8.el8.src.rpm aarch64: xmlrpc-c-1.51.0-8.el8.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm ppc64le: xmlrpc-c-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm s390x: xmlrpc-c-1.51.0-8.el8.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm x86_64: xmlrpc-c-1.51.0-8.el8.i686.rpm xmlrpc-c-1.51.0-8.el8.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-1.51.0-8.el8.i686.rpm xmlrpc-c-client-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm xmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm s390x: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm xmlrpc-c-devel-1.51.0-8.el8.s390x.rpm x86_64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm xmlrpc-c-devel-1.51.0-8.el8.i686.rpm xmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2pSTdzjgjWX9erEAQiDfRAAmj50JYZkSqq4Y57nQvXRqPdFwkfMdgR5 Vot+lbhYR4m2oFhZ0F6Ow4hi60EddVBoyULspeJky1ReuEDn2ou5iw9ScdHFs1nG LF9Wjz+VSNr/619VhHsBRIjlMO7GRa3DYyjJ8LCFdOOcl5IJb6p5wGIQmkEaQo/5 K/kxbNW4XsuVu2p6JkI54pjTyiEoYFxnd2O+cb97aAcnyqxMexV463bkrOCJ0leU JOVf4PXyRaCt5a2AawgJ3yDXhVGWnex+wotylt9F2gttOyLoAKbe73aOYCFszeA8 0z7Bb0GTyKX5OBQltrtJvt+m4bQvQPfTryEDQGeUQv4mnnsUvRkQ7BfoyRLDWuOd IlV+PrQesSsUi3L3VjtZr0MJCNV6A1s7uqC8piac7n1Vrod/pY6ZOxrSUvzoSbgZ XaVZ5Ay/n2TafyxxJ5iZCUm+FOtW28fH8VnTrZeQoLy9xLlAmSH+uS3EEiy+OsxI nv73jUqWLIbgJGTcOgWg24BMmL+ICNaCOjBXkUuA5WGMfLMdtVTN1gKniJ2dPp6Y qKJ4S8aUQ0Ecq0q7HkJ29zatTHystEo60HWOl54pMLQUjIGaITxWaY8aJcvCDQZ7 uOxWKJyMgNeyNZc7UYvZW0UFWnzXBtcwEjyZJDg3u3/IR8RU9ARX0cF73Fm40c5S ZzcPNNMPHw0=wFwS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.16

sources: NVD: CVE-2022-22826 // JVNDB: JVNDB-2022-002874 // VULHUB: VHN-411552 // VULMON: CVE-2022-22826 // PACKETSTORM: 169217 // PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 169788

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	libexpat	model:	libexpat	scope:	lt	version:	2.4.3	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	lt	version:	10.1.1	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.1	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	lt	version:	8.15.3	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	libexpat	model:	libexpat	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	tenable	model:	nessus	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	日立高信頼サーバ rv3000	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinema remote connect server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22826
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-22826
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22826
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202201-641
value:	HIGH
Trust: 0.6
VULHUB:	VHN-411552
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-22826
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22826
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-411552
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22826
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-22826
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411552 // VULMON: CVE-2022-22826 // CNNVD: CNNVD-202201-641 // JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826 // NVD: CVE-2022-22826

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411552 // JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 169788 // CNNVD: CNNVD-202201-641

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202201-641

PATCH

title:	SSA-484086 Hitachi Server / Client Product Security Information	url:	https://www.debian.org/security/2022/dsa-5073	Trust: 0.8
title:	Red Hat: CVE-2022-22826	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-22826	Trust: 0.1
title:	Red Hat: Important: expat security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220951 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: expat: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1730aaeace15912feb07b96b49c44c9a	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1603	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1603	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221039 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-5073-1 expat -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=131f3d669e0814049dd7f5b87ef0af84	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1809	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1809	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221734 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221041 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: Release of OpenShift Serverless Version 1.22.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221042 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221083 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221476 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-05	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-017	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-017	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221396 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	myapp-container-jaxrs	url:	https://github.com/akiraabe/myapp-container-jaxrs	Trust: 0.1

sources: VULMON: CVE-2022-22826 // JVNDB: JVNDB-2022-002874

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22826	Trust: 3.8
db:	OPENWALL	id:	OSS-SECURITY/2022/01/17/3	Trust: 1.7
db:	SIEMENS	id:	SSA-484086	Trust: 1.7
db:	TENABLE	id:	TNS-2022-05	Trust: 1.7
db:	ICS CERT	id:	ICSA-22-167-17	Trust: 1.4
db:	PACKETSTORM	id:	169788	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-278-01	Trust: 0.8
db:	JVN	id:	JVNVU99030761	Trust: 0.8
db:	JVN	id:	JVNVU97425465	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-002874	Trust: 0.8
db:	PACKETSTORM	id:	167008	Trust: 0.7
db:	PACKETSTORM	id:	166496	Trust: 0.7
db:	PACKETSTORM	id:	166437	Trust: 0.7
db:	PACKETSTORM	id:	166976	Trust: 0.7
db:	PACKETSTORM	id:	166348	Trust: 0.7
db:	PACKETSTORM	id:	169541	Trust: 0.7
db:	PACKETSTORM	id:	168578	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.0626	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1677	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1154	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1263	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3299	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4174	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0369	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2165	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0749	Trust: 0.6
db:	CS-HELP	id:	SB2022032013	Trust: 0.6
db:	CS-HELP	id:	SB2022031627	Trust: 0.6
db:	CS-HELP	id:	SB2022021418	Trust: 0.6
db:	CS-HELP	id:	SB2022072710	Trust: 0.6
db:	CS-HELP	id:	SB2022072065	Trust: 0.6
db:	CS-HELP	id:	SB2022060617	Trust: 0.6
db:	CS-HELP	id:	SB2022032843	Trust: 0.6
db:	CS-HELP	id:	SB2022070734	Trust: 0.6
db:	CS-HELP	id:	SB2022041954	Trust: 0.6
db:	CS-HELP	id:	SB2022011713	Trust: 0.6
db:	CS-HELP	id:	SB2022022416	Trust: 0.6
db:	CS-HELP	id:	SB2022070605	Trust: 0.6
db:	CS-HELP	id:	SB2022020902	Trust: 0.6
db:	CS-HELP	id:	SB2022033002	Trust: 0.6
db:	CS-HELP	id:	SB2022032445	Trust: 0.6
db:	CS-HELP	id:	SB2022042116	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-641	Trust: 0.6
db:	PACKETSTORM	id:	166433	Trust: 0.2
db:	PACKETSTORM	id:	166431	Trust: 0.2
db:	PACKETSTORM	id:	169540	Trust: 0.1
db:	CNVD	id:	CNVD-2022-04543	Trust: 0.1
db:	VULHUB	id:	VHN-411552	Trust: 0.1
db:	VULMON	id:	CVE-2022-22826	Trust: 0.1
db:	PACKETSTORM	id:	169217	Trust: 0.1

sources: VULHUB: VHN-411552 // VULMON: CVE-2022-22826 // PACKETSTORM: 169217 // PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 169788 // CNNVD: CNNVD-202201-641 // JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2022-22826	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Trust: 1.7
url:	https://www.tenable.com/security/tns-2022-05	Trust: 1.7
url:	https://www.debian.org/security/2022/dsa-5073	Trust: 1.7
url:	https://security.gentoo.org/glsa/202209-24	Trust: 1.7
url:	https://github.com/libexpat/libexpat/pull/539	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2022/01/17/3	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu99030761/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu97425465/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072710	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031627	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1154	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022416	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041954	Trust: 0.6
url:	https://vigilance.fr/vulnerability/expat-six-vulnerabilities-37271	Trust: 0.6
url:	https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022020902	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4174	Trust: 0.6
url:	https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021418	Trust: 0.6
url:	https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032843	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070605	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032445	Trust: 0.6
url:	https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072065	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1263	Trust: 0.6
url:	https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060617	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042116	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032013	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022033002	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011713	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0749	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2165	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0626	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3299	Trust: 0.6
url:	https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0369	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1677	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070734	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22825	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22823	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22824	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22827	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22822	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46143	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45960	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23852	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-22824	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-22823	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-22822	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-22827	Trust: 0.3
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-46143	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-22825	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-22826	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-0261	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1025	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23219	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25315	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-23177	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-31566	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23219	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23218	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0361	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0261	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23308	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23852	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-24407	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24407	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0318	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-24731	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23218	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3999	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24730	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0413	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0392	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25235	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0361	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-45960	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-24730	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23177	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0359	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0318	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0392	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1025	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0413	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0359	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3999	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31566	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25236	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23990	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/expat	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25710	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1042	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25709	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0811	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25709	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1041	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25236	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24731	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25235	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7692	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1

sources: VULHUB: VHN-411552 // PACKETSTORM: 169217 // PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 169788 // CNNVD: CNNVD-202201-641 // JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826

CREDITS

Siemens notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202201-641

SOURCES

db:	VULHUB	id:	VHN-411552
db:	VULMON	id:	CVE-2022-22826
db:	PACKETSTORM	id:	169217
db:	PACKETSTORM	id:	166431
db:	PACKETSTORM	id:	166433
db:	PACKETSTORM	id:	169788
db:	CNNVD	id:	CNNVD-202201-641
db:	JVNDB	id:	JVNDB-2022-002874
db:	NVD	id:	CVE-2022-22826

LAST UPDATE DATE

2025-11-23T20:19:12.801000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411552	date:	2022-10-06T00:00:00
db:	VULMON	id:	CVE-2022-22826	date:	2022-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202201-641	date:	2022-11-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-002874	date:	2023-10-10T06:05:00
db:	NVD	id:	CVE-2022-22826	date:	2025-05-05T17:17:53.610

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411552	date:	2022-01-10T00:00:00
db:	VULMON	id:	CVE-2022-22826	date:	2022-01-10T00:00:00
db:	PACKETSTORM	id:	169217	date:	2022-02-28T20:12:00
db:	PACKETSTORM	id:	166431	date:	2022-03-24T14:34:35
db:	PACKETSTORM	id:	166433	date:	2022-03-24T14:36:50
db:	PACKETSTORM	id:	169788	date:	2022-11-08T13:52:57
db:	CNNVD	id:	CNNVD-202201-641	date:	2022-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-002874	date:	2023-01-19T00:00:00
db:	NVD	id:	CVE-2022-22826	date:	2022-01-10T14:12:57.113