A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity |
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2022-10-26T15:15:45.247Z
Updated: 2024-08-03T12:14:39.960Z
Reserved: 2022-09-08T19:14:18.690Z
Link: CVE-2022-40238
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-26T16:15:11.757
Modified: 2024-11-21T07:21:07.830
Link: CVE-2022-40238
Redhat
No data.