
CVE-2022-4039

Published: 22 Sep 2023
Source: nvd
CVSS3: 8
CVSS3: 9.8
EPSS: Low

Description

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

Vulnerable configurations

Configuration 1
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
Configuration 2

All of

One of

cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

EPSS

Percentile: 32%
0.00121
Low

8 High

CVSS3

9.8 Critical

CVSS3

Weaknesses

CWE-276

Related vulnerabilities

CVSS3: 8
redhat
almost 3 years ago

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

CVSS3: 8
debian
more than 2 years ago

A flaw was found in Red Hat Single Sign-On for OpenShift container ima ...

CVSS3: 8
github
more than 2 years ago

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

CVSS3: 8
fstec
almost 3 years ago

A vulnerability in the Keycloak identity and access management software, related to default access permission settings, that allows a remote attacker to execute arbitrary code
