VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-uyp8-req2-aaag

Essentials
Severities (119)
References (38)
Severity details (33)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-uyp8-req2-aaag
Aliases	CVE-2022-4492 GHSA-pfcc-3g6r-8rg8
Summary	Undertow client not checking server identity presented by server certificate in https connections
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-550	Server-generated Error Message Containing Sensitive Information
CWE-918	Server-Side Request Forgery (SSRF)

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2023:3954
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:3954
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4492.json
cvssv3.1	9.8	https://access.redhat.com/security/cve/CVE-2022-4492
generic_textual	CRITICAL	https://access.redhat.com/security/cve/CVE-2022-4492
ssvc	Track	https://access.redhat.com/security/cve/CVE-2022-4492
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
epss	0.00385	https://api.first.org/data/v1/epss?cve=CVE-2022-4492
cvssv3.1	9.8	https://bugzilla.redhat.com/show_bug.cgi?id=2153260
generic_textual	CRITICAL	https://bugzilla.redhat.com/show_bug.cgi?id=2153260
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2153260
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-pfcc-3g6r-8rg8
cvssv3.1	9.8	https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java
generic_textual	CRITICAL	https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java
cvssv3.1	9.8	https://github.com/undertow-io/undertow/pull/1447
generic_textual	CRITICAL	https://github.com/undertow-io/undertow/pull/1447
cvssv3.1	9.8	https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4
generic_textual	CRITICAL	https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4
cvssv3.1	7.5	https://github.com/undertow-io/undertow/pull/1457
cvssv3.1	9.8	https://github.com/undertow-io/undertow/pull/1457
generic_textual	CRITICAL	https://github.com/undertow-io/undertow/pull/1457
generic_textual	HIGH	https://github.com/undertow-io/undertow/pull/1457
cvssv3.1	9.8	https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342
generic_textual	CRITICAL	https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342
cvssv3.1	9.8	https://issues.redhat.com/browse/MTA-93
generic_textual	CRITICAL	https://issues.redhat.com/browse/MTA-93
cvssv3.1	9.8	https://issues.redhat.com/browse/UNDERTOW-2212
generic_textual	CRITICAL	https://issues.redhat.com/browse/UNDERTOW-2212
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-4492
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-4492
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-4492
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2022-4492
cvssv3.1	9.8	https://security.netapp.com/advisory/ntap-20230324-0002
generic_textual	CRITICAL	https://security.netapp.com/advisory/ntap-20230324-0002
ssvc	Track	https://security.netapp.com/advisory/ntap-20230324-0002/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4492.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-4492
		https://bugzilla.redhat.com/show_bug.cgi?id=2153260
		https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java
		https://github.com/undertow-io/undertow/pull/1447
		https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4
		https://github.com/undertow-io/undertow/pull/1457
		https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342
		https://issues.redhat.com/browse/MTA-93
		https://issues.redhat.com/browse/UNDERTOW-2212
		https://security.netapp.com/advisory/ntap-20230324-0002
		https://security.netapp.com/advisory/ntap-20230324-0002/
1032087		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032087
cpe:2.3:a:redhat:build_of_quarkus:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:build_of_quarkus:-:::::::*
cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:::::::*
cpe:2.3:a:redhat:integration_camel_k:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_k:-:::::::*
cpe:2.3:a:redhat:integration_service_registry:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_service_registry:-:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_fuse:7.0.0:::::::*
cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:::::::*
cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:::::::*
cpe:2.3:a:redhat:single_sign-on:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.0:::::::*
cpe:2.3:a:redhat:undertow:2.7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.7.0:::::::*
CVE-2022-4492		https://access.redhat.com/security/cve/CVE-2022-4492
CVE-2022-4492		https://nvd.nist.gov/vuln/detail/CVE-2022-4492
GHSA-pfcc-3g6r-8rg8		https://github.com/advisories/GHSA-pfcc-3g6r-8rg8
RHSA-2023:2100		https://access.redhat.com/errata/RHSA-2023:2100
RHSA-2023:2705		https://access.redhat.com/errata/RHSA-2023:2705
RHSA-2023:2706		https://access.redhat.com/errata/RHSA-2023:2706
RHSA-2023:2707		https://access.redhat.com/errata/RHSA-2023:2707
RHSA-2023:2710		https://access.redhat.com/errata/RHSA-2023:2710
RHSA-2023:2713		https://access.redhat.com/errata/RHSA-2023:2713
RHSA-2023:3813		https://access.redhat.com/errata/RHSA-2023:3813
RHSA-2023:3954		https://access.redhat.com/errata/RHSA-2023:3954
RHSA-2023:4627		https://access.redhat.com/errata/RHSA-2023:4627
RHSA-2023:4983		https://access.redhat.com/errata/RHSA-2023:4983
RHSA-2025:9582		https://access.redhat.com/errata/RHSA-2025:9582
RHSA-2025:9583		https://access.redhat.com/errata/RHSA-2025:9583

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:3954

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/ Found at https://access.redhat.com/errata/RHSA-2023:3954

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4492.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2022-4492

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/ Found at https://access.redhat.com/security/cve/CVE-2022-4492

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2153260

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2153260

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/undertow-io/undertow/pull/1447

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/pull/1457

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/undertow-io/undertow/pull/1457

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://issues.redhat.com/browse/MTA-93

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://issues.redhat.com/browse/UNDERTOW-2212

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-4492

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-4492

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-4492

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20230324-0002

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/ Found at https://security.netapp.com/advisory/ntap-20230324-0002/

Exploit Prediction Scoring System (EPSS)

Percentile	0.24208
EPSS Score	0.00078
Published At	April 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.