CVE-2022-23913

Published: Feb 4, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.

Affected (3)

Products: Apache: Activemq Artemis · Netapp: Active Iq Unified Manager, Oncommand Workflow Automation

Apache

1 product

Activemq Artemis

Netapp

2 products

Active Iq Unified Manager

Oncommand Workflow Automation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Activemq Artemis	Before 2.19.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Oncommand Workflow Automation	All versions

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2

Source: security@apache.org

ExploitIssue TrackingMailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220303-0003/

Source: security@apache.org

Third Party Advisory

https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingMailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220303-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.