CVE-2022-4895
Published 2023-02-28
CVE-2022-4895: Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on…
Priority: P3 · 40 · high · 8.1 · CVSS 3.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.28% (19.7th percentile)
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi | hitachi_infrastructure_analytics_advisor | 2.0.0-00 – 4.4.0-00 | — |
| hitachi | hitachi_ops_center_analyzer | >= 10.0.0-00 < 10.9.1-00 | 10.9.1-00 |
| hitachi | infrastructure_analytics_advisor | >= 2.0.0-00 < 10.9.1-00 | 10.9.1-00 |
| hitachi | ops_center_analyzer | >= 10.0.0-00 < 10.9.1-00 | 10.9.1-00 |
CVSS provenance
nvd · v3.1 · 8.1 · HIGH · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 7.8 · HIGH
GHSA
GHSA-qvrq-rvh5-v2x2: Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Ana
ghsa_unreviewed·2023-02-28
CVE-2022-4895 [HIGH] CWE-295 GHSA-qvrq-rvh5-v2x2: Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Ana
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.
Red Hat
vim: heap-buffer-overflow in append_command of src/ex_docmd.c
vendor_redhat·2022-05-07·CVSS 7.8
CVE-2022-1616 [HIGH] CWE-416 vim: heap-buffer-overflow in append_command of src/ex_docmd.c
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution.
A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.
Statement: Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.
For addit
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-02-28