CVE-2022-2137
published 2022-07-22CVE-2022-2137: The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose…
PriorityP425medium4.9CVSS 3.1
AVNACLPRHUINSUCHINAN
EPSS
0.80%
51.8th percentile
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | iview | < 5.7.04.6469 | 5.7.04.6469 |
| advantech_iview | iview | >= All < 5_7_04_6469 | 5_7_04_6469 |
CVSS provenance
nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
vendor_redhat7.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: zonefs: fix zonefs_iomap_begin() for reads
vendor_redhat·2025-02-26·CVSS 7.1
CVE-2022-49706 [HIGH] kernel: zonefs: fix zonefs_iomap_begin() for reads
kernel: zonefs: fix zonefs_iomap_begin() for reads
In the Linux kernel, the following vulnerability has been resolved:
zonefs: fix zonefs_iomap_begin() for reads
If a readahead is issued to a sequential zone file with an offset
exactly equal to the current file size, the iomap type is set to
IOMAP_UNWRITTEN, which will prevent an IO, but the iomap length is
calculated as 0. This causes a WARN_ON() in iomap_iter():
[17309.548939] WARNING: CPU: 3 PID: 2137 at fs/iomap/iter.c:34 iomap_iter+0x9cf/0xe80
[...]
[17309.650907] RIP: 0010:iomap_iter+0x9cf/0xe80
[...]
[17309.754560] Call Trace:
[17309.757078]
[17309.759240] ? lock_is_held_type+0xd8/0x130
[17309.763531] iomap_readahead+0x1a8/0x870
[17309.767550] ? iomap_read_folio+0x4c0/0x4c0
[17309.771817] ? lockdep_hardirqs_on_prepare+0x400/0x400
[
CISA ICS
Advantech iView
cisa_ics·2022-06-28·CVSS 7.5
[HIGH] Advantech iView
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech iView
Last RevisedJune 28, 2022
Alert CodeICSA-22-179-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Advantech
- Equipment: iView
- Vulnerabilities: SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read or modify sensitive data, disclose information, or execute arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of
GHSA
GHSA-3hh5-x5h6-6vjx: The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to discl
ghsa_unreviewed·2022-07-23
CVE-2022-2137 [MEDIUM] CWE-89 GHSA-3hh5-x5h6-6vjx: The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to discl
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information
No detection rules found.
Nuclei
Zoho ManageEngine - Internal Hostname Disclosure
nuclei·CVSS 5.3
CVE-2022-23779 [MEDIUM] Zoho ManageEngine - Internal Hostname Disclosure
Zoho ManageEngine - Internal Hostname Disclosure
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
Template:
id: CVE-2022-23779
info:
name: Zoho ManageEngine - Internal Hostname Disclosure
author: cckuailong
severity: medium
description: Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
impact: |
An attacker could use the disclosed internal hostnames to plan targeted attacks, gain unauthorized access, or perform reconnaissance on the internal network.
remediation: |
Apply the latest security patch or update provided by Zoho ManageEngine to fi
2022-07-22
Published