8.1

CVE-2022-27778

Exploit

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

Data is provided by the National Vulnerability Database (NVD)
HaxxCurl Version7.83.0
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappActive Iq Unified Manager Version- SwPlatformwindows
NetappOncommand Insight Version-
NetappSnapcenter Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappBh500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappHci Compute Node Firmware Version-
   NetappHci Compute Node Version-
OracleMysql Server Version <= 5.7.38
OracleMysql Server Version >= 8.0.0 <= 8.0.29
SplunkUniversal Forwarder Version >= 8.2.0 < 8.2.12
SplunkUniversal Forwarder Version >= 9.0.0 < 9.0.6
SplunkUniversal Forwarder Version9.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.46% 0.633
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE-706 Use of Incorrectly-Resolved Name or Reference

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

https://hackerone.com/reports/1553598
Third Party Advisory
Exploit