CVE-2022-45470

missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/11/21/1	Mailing List Third Party Advisory
https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l	Issue Tracking Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/11/21/1	Mailing List Third Party Advisory
https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l	Issue Tracking Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:hama:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:29

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2022/11/21/1 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2022/11/21/1 - Mailing List, Third Party Advisory
References	~~() https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l - Issue Tracking, Mailing List, Vendor Advisory~~	() https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l - Issue Tracking, Mailing List, Vendor Advisory

07 Nov 2023, 03:54

Type	Values Removed	Values Added
Summary	UNSUPPPORTED WHEN ASSIGNED missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.	missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

Information

Published : 2022-11-21 16:15

Updated : 2025-04-29 14:15

NVD link : CVE-2022-45470

Mitre link : CVE-2022-45470

CVE.ORG link : CVE-2022-45470

JSON object : View

Products Affected

apache

hama

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2022-45470", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "security@apache.org"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-11-21T16:15:25.970", "references": [{"url": "http://www.openwall.com/lists/oss-security/2022/11/21/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2022/11/21/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed."}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO SE ASIGNA ** la falta de validaci\u00f3n de entrada en Apache Hama puede provocar la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del path traversal y XSS. Dado que Apache Hama est\u00e1 en EOL, no esperamos que se solucionen estos problemas."}], "lastModified": "2025-04-29T14:15:27.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:hama:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9C628B-0E09-4782-8EF2-BF5FB7B46135", "versionEndIncluding": "1.7.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}