← Back

CVE-2022-27778

nvd nist
Published: Jun 2, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

Affected (18)

Show all products
Haxx: Curl · Netapp: Active Iq Unified Manager, Clustered Data Ontap, Oncommand Insight, Oncommand Workflow Automation, Snapcenter, Solidfire & Hci Management Node, H300s Firmware, Bh500s Firmware, H700s Firmware, H410s Firmware, Hci Compute Node Firmware · Oracle: Mysql Server · Splunk: Universal Forwarder
Haxx
1 product
Curl
Netapp
11 products
Active Iq Unified Manager
Clustered Data Ontap
Oncommand Insight
Oncommand Workflow Automation
Snapcenter
Solidfire & Hci Management Node
H300s Firmware
Bh500s Firmware
H700s Firmware
H410s Firmware
Hci Compute Node Firmware
Oracle
1 product
Mysql Server
Splunk
1 product
Universal Forwarder
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Curl
Version 7.83.0
Configuration B
7 vulnerable
Vulnerable SoftwareAffected Versions
Netapp
Active Iq Unified Manager
All versions
Active Iq Unified Manager
All versions
Clustered Data Ontap
All versions
Oncommand Insight
All versions
Oncommand Workflow Automation
All versions
Snapcenter
All versions
Solidfire & Hci Management Node
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H300s Firmware
All versions
Running on/withPlatform Versions
Netapp
H300s
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bh500s Firmware
All versions
Running on/withPlatform Versions
Netapp
H500s
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H700s Firmware
All versions
Running on/withPlatform Versions
Netapp
H700s
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410s Firmware
All versions
Running on/withPlatform Versions
Netapp
H410s
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hci Compute Node Firmware
All versions
Running on/withPlatform Versions
Netapp
Hci Compute Node
All versions
Configuration H
2 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Mysql Server
Up to 5.7.38
Mysql Server
From 8.0.0 to 8.0.29
Configuration I
3 vulnerable
Vulnerable SoftwareAffected Versions
Splunk
Universal Forwarder
From 8.2.0 to 8.2.12
Universal Forwarder
From 9.0.0 to 9.0.6
Universal Forwarder
Version 9.1.0

Related CWEs

CWE-706
Use of Incorrectly-Resolved Name or Reference
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

References (8)

Source: support@hackerone.com
ExploitThird Party Advisory
Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.