Vulnerabilities > CVE-2022-4492 - Unspecified vulnerability in Redhat products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2023-02-23

Updated: 2023-03-24

Summary

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Single Sign ON 7.0 Redhat Jboss Fuse 7.0.0 Redhat Build OF Quarkus - Redhat Integration Service Registry - Redhat Integration Camel K - Redhat Undertow 2.7.0 Redhat Integration Camel FOR Spring Boot - Redhat Migration Toolkit FOR Applications 6.0 Redhat Migration Toolkit FOR Runtimes -	10

References

https://bugzilla.redhat.com/show_bug.cgi?id=2153260
https://access.redhat.com/security/cve/CVE-2022-4492
https://security.netapp.com/advisory/ntap-20230324-0002/