CVE Vulnerability

CVE-2022-34558

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/dmwm/WMCore/issues/11188 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:global-workqueue_project:global-workqueue:1.4.1:rc5:*:*:*:python:*:*
cpe:2.3:a:reqmon_project:reqmon:1.4.1:rc5:*:*:*:python:*:*
cpe:2.3:a:reqmgr2_project:reqmgr2:1.4.0:rc2:*:*:*:python:*:*
cpe:2.3:a:reqmgr2_project:reqmgr2:1.4.1:rc5:*:*:*:python:*:*
cpe:2.3:a:wmagent_project:wmagent:1.3.3:rc2:*:*:*:python:*:*
cpe:2.3:a:wmagent_project:wmagent:1.3.3:rc1:*:*:*:python:*:*
Information

Published : 2022-07-28 11:15

Updated : 2022-08-04 06:14

NVD link : CVE-2022-34558

Mitre link : CVE-2022-34558

Products Affected
No products.
CWE
NVD-CWE-noinfo