Vulnerability Details: CVE-2022-45047
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
Products affected by CVE-2022-45047
- cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-45047
- Probability of exploitation activity in the next 30 days: 0.50%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 %
CVSS scores for CVE-2022-45047
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-45047
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@apache.org (Secondary)
References for CVE-2022-45047
- https://security.netapp.com/advisory/ntap-20240216-0008/
  CVE-2022-45047 Apache MINA SSHD Vulnerability in NetApp Products | NetApp Product Security
- https://www.mail-archive.com/dev@mina.apache.org/msg39312.html
  CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability (Mailing List; Mitigation; Third Party Advisory)
- https://www.mail-archive.com/dev%40mina.apache.org/msg39312.html
  CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability