CVE-2022-0853
jboss-client: memory leakage in remote client transaction
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
Se ha encontrado un fallo en JBoss-client. La vulnerabilidad es producida debido a una pĆ©rdida de memoria en el lado del cliente de JBoss, cuando es usado UserTransaction repetidamente y conlleva a una vulnerabilidad de filtrado de informaciĆ³n
A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-03-04 CVE Reserved
- 2022-03-11 CVE Published
- 2023-10-02 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/ByteHackr/CVE-2022-0853 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2060725 | 2022-03-18 | |
| https://access.redhat.com/security/cve/CVE-2022-0853 | 2022-11-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Descision Manager Search vendor "Redhat" for product "Descision Manager" | 7.0 Search vendor "Redhat" for product "Descision Manager" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Expansion Pack Search vendor "Redhat" for product "Jboss Enterprise Application Platform Expansion Pack" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Process Automation Search vendor "Redhat" for product "Process Automation" | 7.0 Search vendor "Redhat" for product "Process Automation" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Single Sign-on Search vendor "Redhat" for product "Single Sign-on" | 7.0 Search vendor "Redhat" for product "Single Sign-on" and version "7.0" | - |
Affected
| ||||||