How severe is CVE-2022-37023?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-37023?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2022-37023 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling "validate-serializable-objects=true" and specifying any user classes that may be serialized/deserialized with "serializable-object-filter". Enabling "validate-serializable-objects" may impact performance.

Related Vulnerabilities

CVE-2016-10304

MEDIUM

CVSS:6.5(Medium)

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java obj...

CWE-5022016

CVE-2017-1000355

MEDIUM

CVSS:6.5(Medium)

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

CWE-5022017

CVE-2017-10803

MEDIUM

CVSS:6.5(Medium)

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated pri...

CWE-5022017

CVE-2019-12799

MEDIUM

CVSS:6.5(Medium)

In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right...

CWE-5022019

CVE-2019-14466

MEDIUM

CVSS:6.5(Medium)

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user acc...

CWE-5022019

CVE-2020-12469

MEDIUM

CVSS:6.5(Medium)

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.

CWE-5022020