CVE-2022-35278
Summary
| CVE | CVE-2022-35278 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-23 15:15:00 UTC |
| Updated | 2022-12-13 01:59:00 UTC |
| Description | In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Activemq Artemis | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Oncommand Workflow Automation | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-35278 Apache ActiveMQ Artemis Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| lists.apache.org/thread/bh6y81wtotg75337bpvxcjy436zfgf3n | MISC | lists.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue.
There are currently no legacy QID mappings associated with this CVE.