CVE-2022-21404

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-21404

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21404.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21404

Published

2022-04-19T21:15:14Z

Modified

2024-11-21T06:44:37Z

Summary

[none]

Details

Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Supported versions that are affected are 1.4.10 and 2.0.0-RC1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Helidon. Successful attacks of this vulnerability can result in takeover of Helidon. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

References

https://www.oracle.com/security-alerts/cpuapr2022.html

Affected packages

Git / github.com/oracle/helidon

Affected ranges

Type: GIT
Repo: https://github.com/oracle/helidon
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

16323f76c5569d7670894a8510407fc69b843066

Last affected

1c36ce7b6f19282361f30643ce7b973545cbdd67