CVE-2022-0507
published 2022-03-10CVE-2022-0507: Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This…
PriorityP353high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.22%
64.8th percentile
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artica_pfms | pandora_fms | >= v759 < v759 | v759 |
| pandorafms | pandora_fms | < 760 | 760 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
cisa9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-485w-jm59-qvxp: Found a potential security vulnerability inside the Pandora API
ghsa_unreviewed·2022-03-11
CVE-2022-0507 [HIGH] CWE-89 GHSA-485w-jm59-qvxp: Found a potential security vulnerability inside the Pandora API
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.
CISA
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
cisa·2022-03-03·CVSS 9.8
CVE-2012-0507 [CRITICAL] Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Vulnerability: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Affected: Oracle Java SE
An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-0507
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://khoori.org/posts/cve-2022-0507/https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/https://www.incibe.es/en/cve-assignment-publication/coordinated-cveshttps://khoori.org/posts/cve-2022-0507/https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
2022-03-10
Published