Lucene search
Palo_altoCVE-2022-0073HistoryOct 27, 2022 - 8:15 p.m.
CVE-2022-0073
2022-10-2720:15:12
CWE-20
palo_alto
web.nvd.nist.gov
47
7
cve-2022-0073
improper input validation
litespeed technologies
openlitespeed web server
litespeed web server
command injection
security vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
35.0%
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
Affected configurations
Node
litespeedtechopenlitespeedRange1.7.0–1.7.16.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| litespeedtech | openlitespeed | * | cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "OpenLiteSpeed Web Server",
"repo": "https://github.com/litespeedtech/openlitespeed",
"vendor": "LiteSpeed Technologies",
"versions": [
{
"lessThan": "1.7.16.1",
"status": "affected",
"version": "1.7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LiteSpeed Web Server",
"vendor": "LiteSpeed Technologies",
"versions": [
{
"lessThan": "1.7.16.1",
"status": "affected",
"version": "1.7.0",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
osv
osv
CVE-2022-0073
2022-10-27 20:15:12
cvelist
cvelist
nvd
nvd
CVE-2022-0073
2022-10-27 20:15:12
prion
prion
Input validation
2022-10-27 20:15:00
thn
thn
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
35.0%
Related for CVE-2022-0073