目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CVE-2022-29464— WSO2 API Manager 路径遍历漏洞

CVSS 9.8 · Critical KEV · ランサムウェア EPSS 94.43% · P100
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2022-29464の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
N/A
ソース: NVD (National Vulnerability Database)
脆弱性説明
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
WSO2 API Manager 路径遍历漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
WSO2 API Manager是美国WSO2公司的一套API生命周期管理解决方案。 WSO2 API Manager 存在路径遍历漏洞,该漏洞允许无限制的文件上传和远程代码执行。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

Shenlong 10 Questions — AI 深度分析

十问解析:根本原因、利用方式、修复建议、紧迫性。摘要免费,完整版需登录。

查看摘要 完整分析(登录)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
-n/a n/a -

II. CVE-2022-29464の公開POC

#POC説明ソースリンクShenlongリンク
1WSO2 RCE (CVE-2022-29464) exploit and writeup.https://github.com/hakivvi/CVE-2022-29464POC詳細
2Nonehttps://github.com/tufanturhan/wso2-rce-cve-2022-29464POC詳細
3Pre-auth RCE bug CVE-2022-29464https://github.com/mr-r3bot/WSO2-CVE-2022-29464POC詳細
4cve-2022-29464 批量脚本https://github.com/Lidong-io/cve-2022-29464POC詳細
5WSO2 RCE (CVE-2022-29464) https://github.com/h3v0x/CVE-2022-29464POC詳細
6 Repository containing nse script for vulnerability CVE-2022-29464 known as WSO2 RCE.https://github.com/gpiechnik2/nmap-CVE-2022-29464POC詳細
7Nonehttps://github.com/0xAgun/CVE-2022-29464POC詳細
8😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.https://github.com/oppsec/WSOBPOC詳細
9Nonehttps://github.com/crypticdante/CVE-2022-29464POC詳細
10Nonehttps://github.com/lowkey0808/cve-2022-29464POC詳細
11CVE-2022-29464 POC exploithttps://github.com/superzerosec/CVE-2022-29464POC詳細
121https://github.com/axin2019/CVE-2022-29464POC詳細
13cve-2022-29464 EXPhttps://github.com/LinJacck/CVE-2022-29464POC詳細
14A bots loader for CVE-2022-29464 with multithreadinghttps://github.com/Inplex-sys/CVE-2022-29464-loaderPOC詳細
15Python script to exploit CVE-2022-29464 (mass mode)https://github.com/Chocapikk/CVE-2022-29464POC詳細
16CVE-2022-29464 PoC for WSO2 productshttps://github.com/jimidk/Better-CVE-2022-29464POC詳細
17Mass Exploit for CVE 2022-29464 on Carbonhttps://github.com/electr0lulz/Mass-exploit-CVE-2022-29464POC詳細
18Python script to exploit CVE-2022-29464 (mass mode)https://github.com/xinghonghaoyue/CVE-2022-29464POC詳細
19CVE-2022-29464 Exploithttps://github.com/Pasch0/WSO2RCEPOC詳細
20Nonehttps://github.com/r4x0r1337/-CVE-2022-29464POC詳細
21Nonehttps://github.com/amit-pathak009/CVE-2022-29464POC詳細
22Nonehttps://github.com/amit-pathak009/CVE-2022-29464-massPOC詳細
23WSO2 Arbitrary File Upload to Remote Command Execution (RCE)https://github.com/hupe1980/CVE-2022-29464POC詳細
24RCE exploit for WSO2https://github.com/gbrsh/CVE-2022-29464POC詳細
25Nonehttps://github.com/Jhonsonwannaa/CVE-2022-29464-POC詳細
26Nonehttps://github.com/devengpk/CVE-2022-29464POC詳細
27Perform With Mass Exploits In WSO Management.https://github.com/ThatNotEasy/CVE-2022-29464POC詳細
28A PoC and Exploit for CVE 2022-29464https://github.com/Pushkarup/CVE-2022-29464POC詳細
29SynixCyberCrimeMY CVE Exploiter By SamuraiMelayu1337 & ?/h4zzzzzz.scchttps://github.com/SynixCyberCrimeMy/CVE-2022-29464POC詳細
30WSO2 RCE (CVE-2022-29464) https://github.com/hev0x/CVE-2022-29464POC詳細
31Nonehttps://github.com/H3xL00m/CVE-2022-29464POC詳細
32Nonehttps://github.com/n3ov4n1sh/CVE-2022-29464POC詳細
33Nonehttps://github.com/c0d3cr4f73r/CVE-2022-29464POC詳細
34CVE-2022-29464 exploit scripthttps://github.com/cc3305/CVE-2022-29464POC詳細
35Nonehttps://github.com/Sp3c73rSh4d0w/CVE-2022-29464POC詳細
36Nonehttps://github.com/0xwh1pl4sh/CVE-2022-29464POC詳細
37Nonehttps://github.com/N3rdyN3xus/CVE-2022-29464POC詳細
38Nonehttps://github.com/NyxByt3/CVE-2022-29464POC詳細
39Nonehttps://github.com/h3xcr4ck3r/CVE-2022-29464POC詳細
40Nonehttps://github.com/mpvx/CVE-2022-29464POC詳細
41Nonehttps://github.com/n3rdh4x0r/CVE-2022-29464POC詳細
42Python script to exploit CVE-2022-29464 (mass mode)https://github.com/g0dxing/CVE-2022-29464POC詳細
43Nonehttps://github.com/c1ph3rbyt3/CVE-2022-29464POC詳細
44Mass Exploit for CVE 2022-29464 on Carbonhttps://github.com/hxlxmj/Mass-exploit-CVE-2022-29464POC詳細
45😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.https://github.com/000pp/WSOBPOC詳細
46Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-29464.yamlPOC詳細
47Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/WSO2%20fileupload%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%20CVE-2022-29464.mdPOC詳細
48Nonehttps://github.com/h3x0v3rl0rd/CVE-2022-29464POC詳細
49A bots loader for CVE-2022-29464 with multithreadinghttps://github.com/SystemVll/CVE-2022-29464-loaderPOC詳細
50😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.https://github.com/0xdsm/WSOBPOC詳細
51A bots loader for CVE-2022-29464 with multithreadinghttps://github.com/SystemVll/CVE-2022-29464POC詳細
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2022-29464のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-04-18 · 26 CVEs total

CVE-2022-27526Autodesk Design Review 缓冲区错误漏洞
CVE-2022-29457ZOHO ManageEngine ADSelfService Plus 安全漏洞
CVE-2022-25226ThinVNC 安全漏洞
CVE-2011-4917Linux kernel 安全漏洞
CVE-2021-42778OpenSC 资源管理错误漏洞
CVE-2011-1762Wordpress 安全漏洞
CVE-2021-3681Ansible Galaxy Collections 安全漏洞
CVE-2021-3503Red Hat Wildfly 安全漏洞
CVE-2021-3624dcraw 输入验证错误漏洞
CVE-2022-1341bwm-ng 代码问题漏洞
CVE-2022-27652cri-o 安全漏洞
CVE-2022-27530Autodesk AutoCAD 缓冲区错误漏洞
CVE-2022-27529Autodesk AutoCAD 缓冲区错误漏洞
CVE-2021-3652389-ds-base 安全漏洞
CVE-2022-27525Autodesk AutoCAD 缓冲区错误漏洞
CVE-2021-46122TP-LINK TL-WR840N 安全漏洞
CVE-2022-26665Tyler Technologies Tyler Odyssey 安全漏洞
CVE-2022-26631ResearchGate Automatic Question Paper Generator System SQL注入漏洞
CVE-2022-28810ZOHO ManageEngine ADSelfService Plus 信任管理问题漏洞
CVE-2022-27908ZOHO ManageEngine OpManager SQL注入漏洞

Showing 20 of 26 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: n/a
同じベンダー: n/a

V. CVE-2022-29464へのコメント

まだコメントはありません

コメントを残す