Multiple Vulnerabilities in Red Hat JBoss Data Grid
Indian Computer Emergency Response Team (cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
Red Hat JBoss Data Grid Text-Only Advisories x86_64
Overview
Multiple vulnerabilities have been reported in Red Hat JBoss which could be exploited by a remote attacker to execute arbitrary code, gain access to sensitive information or cause a Denial of Service (DoS) condition on the targeted system.
Description
These vulnerabilities exist in Red Hat JBoss due to a flaw when fetching a remote URL with a Cookie header; a flaw when temporary storage of uploads on disk is enabled; improper validation of user-supplied input by the Command Line plugin; a missing nesting-depth limit for collections; and stack overflows when parsing YAML files. A remote attacker could exploit these vulnerabilities by sending a specially crafted request to the application or by manipulating the processed input stream.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, gain access to sensitive information or cause a Denial of Service (DoS) condition on the targeted system.
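The YAML-related items above (a missing nesting-depth limit for collections and stack overflows in the parser) are mitigated by loading untrusted YAML with an explicit depth limit and a restricted constructor. The following is an added illustration written for this page, not code from the advisory or from Red Hat; it assumes the YAML library is SnakeYAML 2.x (whose LoaderOptions.setNestingDepthLimit() is the relevant control), and the class name BoundedYamlLoader, the depth limit of 50, and the sample documents are all constructed for the example.

```java
import java.util.Map;

import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

/**
 * Added example (not from the advisory or from Red Hat): loading untrusted
 * YAML with an explicit nesting-depth limit. Assumes the SnakeYAML 2.x API.
 */
public class BoundedYamlLoader {

    /** Parses a YAML document, rejecting collections nested deeper than depthLimit. */
    public static Object loadBounded(String document, int depthLimit) {
        LoaderOptions options = new LoaderOptions();
        // Cap composer recursion so a hostile document cannot exhaust the stack.
        options.setNestingDepthLimit(depthLimit);
        // Also bound alias expansion and recursive keys (memory/CPU amplification).
        options.setMaxAliasesForCollections(50);
        options.setAllowRecursiveKeys(false);
        // SafeConstructor only builds plain scalars, lists and maps: no arbitrary
        // classes instantiated from !!tags in untrusted input.
        Yaml yaml = new Yaml(new SafeConstructor(options));
        return yaml.load(document);
    }

    /** Builds a constructed sample: a flow sequence nested `depth` levels deep, e.g. [[[]]]. */
    static String nestedSequence(int depth) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < depth; i++) sb.append('[');
        for (int i = 0; i < depth; i++) sb.append(']');
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed benign configuration: loads normally under the limit.
        String benign = "cache:\n  name: default\n  expiration:\n    lifespan: 3600\n";
        Map<?, ?> cfg = (Map<?, ?>) loadBounded(benign, 50);
        System.out.println("benign document loaded, top-level keys: " + cfg.keySet());

        // Constructed hostile document: 1,000 nested sequences. Without a limit the
        // recursive composer would overflow the stack; with the limit it is rejected early.
        String hostile = nestedSequence(1_000);
        try {
            loadBounded(hostile, 50);
            System.out.println("unexpected: hostile document was accepted");
        } catch (YAMLException e) {
            System.out.println("rejected hostile document: " + e.getMessage());
        }
    }
}
```

The depth limit is applied by the composer before it descends into each nested collection, so the hostile document is refused after 50 levels rather than after the JVM stack is exhausted; choose the limit from the deepest structure your own configuration legitimately needs.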
Solution
Apply the appropriate fixes/patches as mentioned in the following link.
Vendor Information
RedHat
References
RedHat
CVE Name
CVE-2022-23647
CVE-2022-24823
CVE-2022-25857
CVE-2022-38749
CVE-2022-38750
CVE-2022-38751
CVE-2022-38752
CVE-2022-0235
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.