CVE-2022-4132

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2022-4132	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2147372	Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:dogtagpki:network_security_services_for_java:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

05 Oct 2023, 17:03

Type	Values Removed	Values Added
First Time		Redhat enterprise Linux Redhat Dogtagpki Dogtagpki network Security Services For Java
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2022-4132 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2022-4132 - Third Party Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2147372 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2147372 - Issue Tracking, Patch
CWE		CWE-401
CPE		cpe:2.3:a:dogtagpki:network_security_services_for_java:::::::: cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9

04 Oct 2023, 12:56

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-04 12:15

Updated : 2023-12-10 15:14

NVD link : CVE-2022-4132

Mitre link : CVE-2022-4132

CVE.ORG link : CVE-2022-4132

JSON object : View

Products Affected

redhat

enterprise_linux

dogtagpki

network_security_services_for_java

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2022-4132", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-10-04T12:15:10.230", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2022-4132", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147372", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page)."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en JSS. Una p\u00e9rdida de memoria en JSS requiere una configuraci\u00f3n no est\u00e1ndar, pero es un vector DoS de bajo esfuerzo si se configura de esa manera (presionando repetidamente la p\u00e1gina de inicio de sesi\u00f3n)."}], "lastModified": "2023-11-07T03:57:00.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dogtagpki:network_security_services_for_java:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAAADD35-9518-4DFC-A486-09B52EE860E1", "versionEndExcluding": "5.5.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}