| Vulnerability Name: | CVE-2022-40674 (CCN-236116) |
| Assigned: | 2022-09-11 |
| Published: | 2022-09-11 |
| Updated: | 2023-02-01 |
| Summary: | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. |
| CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
8.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-416
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2022-40674
Source: XF
Type: UNKNOWN
libexpat-cve202240674-code-exec(236116)
Source: cve@mitre.org
Type: Issue Tracking, Patch, Third Party Advisory
cve@mitre.org
Source: CCN
Type: libexpat GIT Repository
[CVE-2022-40674] tests: Cover heap use-after-free issue in doContent (follow-up to #629) #640
Source: cve@mitre.org
Type: Issue Tracking, Patch, Third Party Advisory
cve@mitre.org
Source: CCN
Type: libexpat Web site
libexpat
Source: cve@mitre.org
Type: Issue Tracking, Third Party Advisory
cve@mitre.org
Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org
Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org
Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org
Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org
Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org
Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org
Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org
Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org
Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org
Source: CCN
Type: IBM Security Bulletin 6826711 (Tivoli Monitoring)
IBM Tivoli Monitoring is vulnerable to remote code execution [CVE-2022-40674]
Source: CCN
Type: IBM Security Bulletin 6827119 (HTTP Server)
IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674)
Source: CCN
Type: IBM Security Bulletin 6833558 (Voice Gateway)
Multiple Vulnerabilities in base image packages affect IBM Voice Gateway
Source: CCN
Type: IBM Security Bulletin 6833562 (AIX)
AIX is affected by arbitrary code execution [CVE-2022-40674] and denial of service [CVE-2020-10735] due to Python
Source: CCN
Type: IBM Security Bulletin 6837645 (Tivoli Monitoring)
Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server
Source: CCN
Type: IBM Security Bulletin 6838295 (QRadar Network Packet Capture)
IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities.
Source: CCN
Type: IBM Security Bulletin 6842505 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Expat, SQlite, libxml2, Libksba, zlib and GnuTLS
Source: CCN
Type: IBM Security Bulletin 6847293 (Db2 for Linux, UNIX and Windows)
Multiple vulnerabilities in the Expat library affect IBM Db2 Net Search Extender may lead to denial of service or arbitrary code execution.
Source: CCN
Type: IBM Security Bulletin 6852221 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Source: CCN
Type: IBM Security Bulletin 6853461 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Source: CCN
Type: IBM Security Bulletin 6855663 (Tivoli Network Manager IP Edition)
Due to use of Expat library, IBM Tivoli Network Manager (ITNM) is vulnerable to arbitrary code execution [CVE-2022-40674]
Source: CCN
Type: IBM Security Bulletin 6856375 (Rational ClearCase)
Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase [CVE-2022-40674, CVE-2022-43680]
Source: CCN
Type: IBM Security Bulletin 6890637 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs
Source: CCN
Type: IBM Security Bulletin 6955057 (Security QRadar SIEM)
IBM QRadar SIEM includes multiple components with known vulnerabilities
Source: CCN
Type: IBM Security Bulletin 6960595 (Security Verify Bridge)
Multiple Security vulnerabilities fixed and shipped with IBM Security Verify Bridge (Docker version) (CVE-2022-2175, CVE-2022-2526, CVE-2022-40674, CVE-2022-3515)
Source: CCN
Type: IBM Security Bulletin 6967289 (Cloud Pak System Software Suite)
Vulnerability in libexpat affects IBM Cloud Pak System [CVE-2022-40674]
Source: CCN
Type: IBM Security Bulletin 6981859 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in libexpat [CVE-2022-40674]
Source: CCN
Type: IBM Security Bulletin 6982841 (Netcool Operations Insight)
Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.
Source: CCN
Type: IBM Security Bulletin 6999317 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities
Source: CCN
Type: IBM Security Bulletin 7001867 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities
|
| Vulnerable Configuration: | Configuration RedHat 1:
cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*Configuration RedHat 2:
cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*Configuration RedHat 3:
cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*Configuration RedHat 4:
cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*Configuration RedHat 5:
cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*Configuration RedHat 6:
cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*Configuration RedHat 7:
cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*Configuration RedHat 8:
cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*Configuration RedHat 9:
cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*Configuration RedHat 10:
cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*Configuration RedHat 11:
cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*Configuration RedHat 12:
cpe:/o:redhat:rhel_els:6:*:*:*:*:*:*:*Configuration RedHat 13:
cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*Configuration RedHat 14:
cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
Configuration CCN 1:
cpe:/a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*OR cpe:/a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*OR cpe:/a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*OR cpe:/a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*OR cpe:/a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*OR cpe:/a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*OR cpe:/a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*OR cpe:/a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*OR cpe:/a:libexpat_project:libexpat:2.4.3:*:*:*:*:*:*:*OR cpe:/a:libexpat_project:libexpat:2.4.4:*:*:*:*:*:*:*AND cpe:/a:ibm:http_server:7.0:*:*:*:*:*:*:*OR cpe:/a:ibm:http_server:8.0:*:*:*:*:*:*:*OR cpe:/a:ibm:http_server:8.5:*:*:*:*:*:*:*OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*OR cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:*OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:*OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:*OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:*OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:*OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:*OR cpe:/a:ibm:db2:9.7:*:*:*:*:linux:*:*OR cpe:/a:ibm:db2:9.7:*:*:*:*:unix:*:*OR cpe:/a:ibm:db2:9.7:*:*:*:*:windows:*:*OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*OR cpe:/a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.5:*:*:*:*:*:*:*OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.6:*:*:*:*:*:*:*OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.4:*:*:*:*:*:*:*OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.0:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |
libexpat_project libexpat 2.2.0
libexpat_project libexpat 2.2.6
libexpat_project libexpat 2.2.5
libexpat_project libexpat 2.2.4
libexpat_project libexpat 2.2.3
libexpat_project libexpat 2.2.2
libexpat_project libexpat 2.2.1
libexpat_project libexpat 2.2.7
libexpat_project libexpat 2.4.3
libexpat_project libexpat 2.4.4
ibm http server 7.0
ibm http server 8.0
ibm http server 8.5
ibm tivoli monitoring 6.3.0
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.1
ibm db2 10.1
ibm db2 10.1
ibm db2 9.7
ibm db2 9.7
ibm db2 9.7
ibm db2 11.1
ibm db2 11.1
ibm db2 11.1
ibm tivoli monitoring 6.3.0.7
ibm voice gateway 1.0.2
ibm voice gateway 1.0.3
ibm cloud transformation advisor 2.0.1
ibm voice gateway 1.0.2.4
ibm voice gateway 1.0.4
ibm voice gateway 1.0.5
ibm voice gateway 1.0.6
ibm voice gateway 1.0.7
ibm security guardium 11.3
ibm security guardium 11.4
ibm aix 7.3
ibm robotic process automation for cloud pak 21.0.1
ibm robotic process automation for cloud pak 21.0.2
ibm robotic process automation for cloud pak 21.0.3
ibm cloud pak for security 1.10.0.0
ibm qradar security information and event manager 7.4 -
ibm robotic process automation for cloud pak 21.0.5
ibm robotic process automation for cloud pak 21.0.6
ibm robotic process automation for cloud pak 21.0.4
ibm robotic process automation for cloud pak 21.0.0