CVE-2022-34558

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/dmwm/WMCore/issues/11188	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:global-workqueue_project:global-workqueue:1.4.1:rc5::::python::*
	cpe:2.3:a:reqmon_project:reqmon:1.4.1:rc5::::python::*
	cpe:2.3:a:reqmgr2_project:reqmgr2:1.4.0:rc2::::python::*
	cpe:2.3:a:reqmgr2_project:reqmgr2:1.4.1:rc5::::python::*
	cpe:2.3:a:wmagent_project:wmagent:1.3.3:rc2::::python::*
	cpe:2.3:a:wmagent_project:wmagent:1.3.3:rc1::::python::*

Information

Published : 2022-07-28 16:15

Updated : 2022-08-04 11:14

NVD link : CVE-2022-34558

Mitre link : CVE-2022-34558

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

reqmgr2_project

reqmgr2

global-workqueue_project

global-workqueue

wmagent_project

wmagent

reqmon_project

reqmon

9.8 /10