CVE-2022-2238

CWE-89SQL InjectionCWE-400Uncontrolled Resource ConsumptionCWE-3035 documents4 sources
Severity
6.5MEDIUM
EPSS
0.7%
top 27.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Advanced Cluster Management FOR Kubernetes
Timeline
PublishedSep 1
Latest updateJan 19

Description

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5red_hat_advanced_cluster_management_for_kubernetesRed Hat Advanced Cluster Management for Kubernetes 2

🔴Vulnerability Details

2
GHSA
GHSA-gpp7-gqhm-5827: A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets par2022-09-02
CVEList
CVE-2022-2238: A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets par2022-09-01

📋Vendor Advisories

2
Red Hat
ManageEngine: remote code execution vulnerability in multiple ManageEngine products2023-01-19
Red Hat
search-api: SQL injection leads to remote denial of service2022-06-28
CVE-2022-2238 (MEDIUM CVSS 6.5) | A vulnerability was found in the se | cvebase.io