CVSSv3: 7.5

CVE-2022-4147

Published: 06/12/2022 Updated: 12/12/2022
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 0

Vulnerability Summary

The Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are those which have no event listeners registered on the object returned by the XMLHttpRequest upload property and which use no ReadableStream object in the request.

Vulnerable Products

quarkus quarkus

Vendor Advisories

Synopsis: Important: Red Hat build of Quarkus 2135 release and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Important: Red Hat build of Quarkus Platform 276SP3 and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Description: This CVE is under investigation by Red Hat Product Security ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2020-8908, CVE-2020-14326, CVE-2020-25633, CVE-2020-36518, CVE-2021-20289, CVE-2021-21290, CVE-2021-46877, CVE-2022-3782, CVE-2022-4147, CVE-2022-40151, CVE-2022-40152, CVE-2022-41915, CVE-2022-41946, CVE-2022-41966, CVE-2023-0091, CVE-2023-1370, CVE-2023-28708 ...

Github Repositories

Notes by Joshua. Issue 1: CVE-2022-4147 refers to CWE-1026, which for some reason is not in the CWE database. Note that CWE-1026 is not in the list of CWEs created by NIST. I have decided to remove this CVE in cve_importerpy line 174. Issue 2: From an unknown number of total repositories, ~4025 repositories were determined to be available (as tested by sending an HTTP GET reques