How severe is CVE-2022-24282?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2022-24282?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2022-24282

HIGH Year: 2022

CVSS v3 Score

7.2

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-502

View all →

Vulnerability Description

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges.

CVE-2015-5164

HIGH

CVSS:7.2(High)

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code ...

CWE-5022015

CVE-2016-4978

HIGH

CVSS:7.2(High)

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote auth...

CWE-5022016

CVE-2016-8648

HIGH

CVSS:7.2(High)

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute r...

CWE-5022016

CVE-2017-14141

HIGH

CVSS:7.2(High)

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafte...

CWE-5022017

CVE-2018-1000509

HIGH

CVSS:7.2(High)

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circum...

CWE-5022018

CVE-2018-1000527

HIGH

CVSS:7.2(High)

Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exp...

CWE-5022018

CVE-2022-24282

Vulnerability Description

Related Vulnerabilities

CVE-2015-5164

CVE-2016-4978

CVE-2016-8648

CVE-2017-14141

CVE-2018-1000509

CVE-2018-1000527