PT-2022-22205 · Reqmgr2+3 · Reqmgr2+4

Rakovskij-Stanislav · Published 2022-07-28 · Updated 2022-08-04 · CVE-2022-34558

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WMAgent versions 1.3.3rc1 through 1.3.3rc2
reqmgr2 versions 1.4.0rc2 through 1.4.1rc5
reqmon version 1.4.1rc5
global-workqueue version 1.4.1rc5

Description

The issue allows attackers to execute arbitrary code via a crafted dbs-client package. This can potentially lead to unauthorized access and control of the system.

Recommendations

For WMAgent versions 1.3.3rc1 through 1.3.3rc2, update to a version that is not affected by this issue.
For reqmgr2 versions 1.4.0rc2 through 1.4.1rc5, update to a version that is not affected by this issue.
For reqmon version 1.4.1rc5, update to a version that is not affected by this issue.
For global-workqueue version 1.4.1rc5, update to a version that is not affected by this issue.

As a temporary workaround, consider restricting the use of the dbs-client package until a patch is available.

Related Identifiers

CVE-2022-34558
GHSA-4VQ7-8699-4XGC
PYSEC-2022-43136
PYSEC-2022-43163
PYSEC-2022-43174

Affected Products

Wmagent
Dbs-Client
Global-Workqueue
Reqmgr2
Reqmon