| Vulnerability Name: | CVE-2022-4883 (CCN-244934) | ||||||||||||||||||||
| Assigned: | 2023-01-17 | ||||||||||||||||||||
| Published: | 2023-01-17 | ||||||||||||||||||||
| Updated: | 2023-06-20 | ||||||||||||||||||||
| Summary: | libXpm could allow a remote attacker to execute arbitrary code on the system, caused by compression commands depend on $PATH. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute program on the system with specific privileges. | ||||||||||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.1 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-4883 Source: secalert@redhat.com Type: Issue Tracking, Patch, Third Party Advisory secalert@redhat.com Source: XF Type: UNKNOWN libxpm-cve20224883-code-exec(244934) Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: libXpm Web site [ANNOUNCE] libXpm 3.5.15 Source: CCN Type: OSS Mailing List, Tue, 17 Jan 2023 08:47:45 -0800 Fwd: X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15 Source: CCN Type: IBM Security Bulletin 6959583 (Cloud Pak for Network Automation) IBM Cloud Pak for Network Automation v2.4.4 fixes multiple security vulnerabilities Source: CCN Type: IBM Security Bulletin 6967333 (QRadar SIEM) IBM QRadar SIEM includes components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6986543 (Power HMC) Vulnerability in libXpm (CVE-2022-4883, CVE-2022-44617 and CVE-2022-46285) affects Power HMC | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||