CVE-2022-42899

Published: 13/10/2022 Updated: 13/10/2022

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bentley microstation
bentley view

CVE-2022-42899 Apache Common Text starting from version 15 to 19 has Remote code execution vulnerability CVE-2022-42899 final StringSubstitutor interpolator = StringSubstitutorcreateInterpolator(); interpolatorreplace("${script:javascript:javalangRuntimegetRuntime()exec('<payload to execute RCE>"); // Here you will pass payload which you wa

通过 jvm 启动参数以及 jps pid进行拦截非法参数

cve-2022-42889-intercept 低于 Java11版本的需要注意，更高的版本已经取消了Javascript解释器本次方案针对 Java8 通过 jvm 启动参数以及 jps pid进行拦截非法参数 quick start -----------------------load cve-2022-42889 check start cve-2022-42889 is_deep_match orgapachecommonstextStringSubstitutor mdgetReturnType()getActualName

CWE-125 https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0017/https://nvd.nist.gov https://github.com/iamsanjay/CVE-2022-42899 https://github.com/uk0/cve-2022-42889-intercept

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-42899

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect