| Vulnerability Name: | CVE-2022-42915 (CCN-239060) | ||||||||||||
| Assigned: | 2022-10-26 | ||||||||||||
| Published: | 2022-10-26 | ||||||||||||
| Updated: | 2023-06-15 | ||||||||||||
| Summary: | |||||||||||||
| CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-42915 Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: CCN Type: Project curl Security Advisory, October 26 2022 CVE-2022-42915: HTTP proxy double-free Source: cve@mitre.org Type: Vendor Advisory cve@mitre.org Source: XF Type: UNKNOWN curl-cve202242915-dos(239060) Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: CCN Type: IBM Security Bulletin 6840059 (ILOG CPLEX Optimization Studio) The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221) Source: CCN Type: IBM Security Bulletin 6845365 (QRadar WinCollect Agent) IBM QRadar Wincollect agent is vulnerable to using components with know vulnerabilities Source: CCN Type: IBM Security Bulletin 6855601 (Rational ClearCase) Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 ) Source: CCN Type: IBM Security Bulletin 6963308 (PowerSC) Multiple vulnerabilities in Curl affect PowerSC Source: CCN Type: IBM Security Bulletin 6984347 (Engineering Requirements Management DOORS) IBM Engineering Requirements Management DOORS/DWA vulnerabilities fixes for 9.7.2.6 Source: CCN Type: IBM Security Bulletin 6984435 (App Connect Enterprise) IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service and remote attack due to OpenSSL and cURL libcurl. (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 & CVE-2022-42915). Source: CCN Type: IBM Security Bulletin 6997631 (App Connect Enterprise) IBM App Connect Enterprise is vulnerable to a denial of service due to cURL libcurl and Google protobuf-java. (CVE-2022-42915, CVE-2021-22569, CVE-2022-3509, CVE-2022-3171, CVE-2022-3510) Source: CCN Type: Mend Vulnerability Database CVE-2022-42915 | ||||||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||