← Retour aux CVEs

CVE-2022-45047

CRITICAL

9.8

Description

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie11/16/2022

Derniere modification5/1/2026

Sourcenvd

Observations honeypot0

Produits affectes

apache:sshd

Faiblesses (CWE)

CWE-502CWE-502

References

https://security.netapp.com/advisory/ntap-20240216-0008/(security@apache.org)

https://www.mail-archive.com/dev%40mina.apache.org/msg39312.html(security@apache.org)

https://security.netapp.com/advisory/ntap-20240216-0008/(af854a3a-2127-422b-91ae-364da2661108)

https://www.mail-archive.com/dev%40mina.apache.org/msg39312.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.