CVE-2022-27778

moderate-risk

Published 2022-06-02

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

Do I need to act?

0.91% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (16)

Curl

Active Iq Unified Manager

Clustered Data Ontap

Oncommand Insight

Oncommand Workflow Automation

Snapcenter

Solidfire \& Hci Management Node

H300S Firmware

Bh500S Firmware

H700S Firmware

H410S Firmware

Hci Compute Node Firmware

Mysql Server

Universal Forwarder

Affected Vendors

Oracle Haxx Netapp Splunk

References (8)

Exploit https://hackerone.com/reports/1553598

Third Party Advisory https://security.netapp.com/advisory/ntap-20220609-0009/

Third Party Advisory https://security.netapp.com/advisory/ntap-20220729-0004/

Patch https://www.oracle.com/security-alerts/cpujul2022.html

Exploit https://hackerone.com/reports/1553598

Third Party Advisory https://security.netapp.com/advisory/ntap-20220609-0009/

Third Party Advisory https://security.netapp.com/advisory/ntap-20220729-0004/

Patch https://www.oracle.com/security-alerts/cpujul2022.html

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 3/34 · Minimal

Exposure 18/34 · Moderate