Search criteria
42 vulnerabilities found for cloud_protection_for_salesforce by f-secure
FKIE_CVE-2022-28886
Vulnerability from fkie_nvd - Published: 2022-09-23 19:15 - Updated: 2025-05-22 19:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | collaboration_protection | * | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA15CDF-797E-49A0-9643-686EF1B4F5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:windows:x86:*",
"matchCriteriaId": "30FE3885-E51D-44DD-A5D8-0795AE3830BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30BDCB44-B304-4A12-86A0-4849FAB25D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine"
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio en los productos F-Secure y WithSecure en la que el archivo aerdl.so/aerdl.dll puede entrar en un bucle infinito cuando son desempaquetados archivos PE. Es posible que esto pueda bloquear el motor de escaneo"
}
],
"id": "CVE-2022-28886",
"lastModified": "2025-05-22T19:15:29.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-23T19:15:11.447",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-28882
Vulnerability from fkie_nvd - Published: 2022-08-23 16:15 - Updated: 2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | linux_security_64 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en los productos F-Secure y WithSecure por la que el archivo aegen.dll entra en un bucle infinito cuando desempaqueta archivos PE. Esto conlleva finalmente a un bloqueo del motor de escaneo. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante."
}
],
"id": "CVE-2022-28882",
"lastModified": "2024-11-21T06:58:07.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:10.237",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28883
Vulnerability from fkie_nvd - Published: 2022-08-23 16:15 - Updated: 2024-11-21 06:58
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | linux_security_64 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en los productos F-Secure y WithSecure por la que la funci\u00f3n de desempaquetado de aerdl es bloqueada. Esto puede conllevar a un posible bloqueo del motor de escaneo. La explotaci\u00f3n puede ser desencadenado remotamente por un atacante."
}
],
"id": "CVE-2022-28883",
"lastModified": "2024-11-21T06:58:07.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:10.283",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28881
Vulnerability from fkie_nvd - Published: 2022-08-10 20:15 - Updated: 2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F97045C-E576-49D3-9630-072E26F7D64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant por la que el componente aerdl.dll usado en determinados productos WithSecure es bloqueado, lo que conlleva a un bloqueo del motor de escaneo. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante"
}
],
"id": "CVE-2022-28881",
"lastModified": "2024-11-21T06:58:07.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-10T20:15:32.953",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28880
Vulnerability from fkie_nvd - Published: 2022-08-05 17:15 - Updated: 2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
| URL | Tags | ||
|---|---|---|---|
| cve-notifications-us@f-secure.com | https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame | Not Applicable, Vendor Advisory | |
| cve-notifications-us@f-secure.com | https://www.withsecure.com/en/expertise/people | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.withsecure.com/en/expertise/people | Not Applicable, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F97045C-E576-49D3-9630-072E26F7D64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio en F-Secure Atlant y en algunos productos WithSecure durante el escaneo de archivos fuzzed PE32-bit que puede bloquear el motor de escaneo. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante"
}
],
"id": "CVE-2022-28880",
"lastModified": "2024-11-21T06:58:07.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T17:15:08.447",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/expertise/people"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28879
Vulnerability from fkie_nvd - Published: 2022-07-22 16:15 - Updated: 2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| f-secure | atlant | - | |
| f-secure | cloud_protection_for_salesforce | - | |
| f-secure | elements_collaboration_protection | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | linux_security_64 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D28AA80A-1FF6-4DD6-BCCB-C455C2BB5032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "26113C91-7FD5-4C3B-84F7-6A986CA26461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E48AF8-57C4-4DFB-9E64-E3B3352941E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant y en determinados productos WithSecure por la que el escaneo del componente aepack.dll puede bloquear el motor de escaneo"
}
],
"id": "CVE-2022-28879",
"lastModified": "2024-11-21T06:58:07.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-22T16:15:08.247",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28878
Vulnerability from fkie_nvd - Published: 2022-07-22 16:15 - Updated: 2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | - | |
| f-secure | cloud_protection_for_salesforce | - | |
| f-secure | elements_collaboration_protection | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | linux_security_64 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D28AA80A-1FF6-4DD6-BCCB-C455C2BB5032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "26113C91-7FD5-4C3B-84F7-6A986CA26461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E48AF8-57C4-4DFB-9E64-E3B3352941E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio en F-Secure Atlant y en determinados productos WithSecure al escanear el archivo APK fuzzed es posible que pueda bloquear el motor de escaneo"
}
],
"id": "CVE-2022-28878",
"lastModified": "2024-11-21T06:58:07.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-22T16:15:08.193",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28876
Vulnerability from fkie_nvd - Published: 2022-07-14 15:15 - Updated: 2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBE4C11-5678-420C-ACC1-B92B095C6D1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en F-Secure Atlant y en determinados productos WithSecure por la que el escaneo del componente aeheur.dll puede bloquear el motor de escaneo. La explotaci\u00f3n puede ser desencadenado remotamente por un atacante"
}
],
"id": "CVE-2022-28876",
"lastModified": "2024-11-21T06:58:06.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T15:15:08.040",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28875
Vulnerability from fkie_nvd - Published: 2022-05-25 16:15 - Updated: 2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D28AA80A-1FF6-4DD6-BCCB-C455C2BB5032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27EDA251-BB9B-4394-B653-145603D0EEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant y en determinados productos WithSecure por la que el escaneo del componente aemobile puede bloquear el motor de escaneo. La explotaci\u00f3n puede ser activado remotamente por un atacante"
}
],
"id": "CVE-2022-28875",
"lastModified": "2024-11-21T06:58:06.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T16:15:08.297",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-33603
Vulnerability from fkie_nvd - Published: 2021-10-08 10:15 - Updated: 2024-11-21 06:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_for_microsoft_365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5FAF08-98B4-46C1-890A-958860119ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27EDA251-BB9B-4394-B653-145603D0EEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant por la que el componente del m\u00f3dulo AVPACK usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos con problemas. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una Denegaci\u00f3n de Servicio (DoS) del motor Antivirus"
}
],
"id": "CVE-2021-33603",
"lastModified": "2024-11-21T06:09:11.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-08T10:15:07.817",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-40832
Vulnerability from fkie_nvd - Published: 2021-10-08 10:15 - Updated: 2024-11-21 06:24
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_for_microsoft_365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5FAF08-98B4-46C1-890A-958860119ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDCC601-0F8F-4D23-9DE1-5B4B72C689AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27EDA251-BB9B-4394-B653-145603D0EEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en F-Secure Atlant, por la que el componente del m\u00f3dulo de desempaquetado AVRDL usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos con problemas. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una Denegaci\u00f3n de Servicio (DoS) del motor Antivirus"
}
],
"id": "CVE-2021-40832",
"lastModified": "2024-11-21T06:24:52.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-08T10:15:07.890",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-28886 (GCVE-0-2022-28886)
Vulnerability from cvelistv5 – Published: 2022-09-23 18:24 – Updated: 2025-05-22 18:15
VLAI?
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine
Severity ?
4.3 (Medium)
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F-Secure and WithSecure | All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper |
Affected:
All Version
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:56.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T15:34:58.964193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:15:13.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T18:24:04.000Z",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-13_07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28886",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-13_07"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28886",
"datePublished": "2022-09-23T18:24:04.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-05-22T18:15:13.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28883 (GCVE-0-2022-28883)
Vulnerability from cvelistv5 – Published: 2022-08-23 15:54 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:14",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28883",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28883",
"datePublished": "2022-08-23T15:54:14",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28882 (GCVE-0-2022-28882)
Vulnerability from cvelistv5 – Published: 2022-08-23 15:54 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:02",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28882",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28882",
"datePublished": "2022-08-23T15:54:02",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28881 (GCVE-0-2022-28881)
Vulnerability from cvelistv5 – Published: 2022-08-10 16:03 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T16:03:24",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28881",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28881",
"datePublished": "2022-08-10T16:03:24",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28880 (GCVE-0-2022-28880)
Vulnerability from cvelistv5 – Published: 2022-08-05 16:46 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T16:46:48",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28880",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/expertise/people",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"name": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28880",
"datePublished": "2022-08-05T16:46:48",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28878 (GCVE-0-2022-28878)
Vulnerability from cvelistv5 – Published: 2022-07-22 15:29 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security 64 F-Secure Linux Security 32 F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:29:00",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28878",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security 64 F-Secure Linux Security 32 F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28878",
"datePublished": "2022-07-22T15:29:00",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28879 (GCVE-0-2022-28879)
Vulnerability from cvelistv5 – Published: 2022-07-22 15:27 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:27:34",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28879",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28879",
"datePublished": "2022-07-22T15:27:34",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28876 (GCVE-0-2022-28876)
Vulnerability from cvelistv5 – Published: 2022-07-14 14:45 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T14:45:07",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-04_09"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28876",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-04_09"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28876",
"datePublished": "2022-07-14T14:45:07",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28875 (GCVE-0-2022-28875)
Vulnerability from cvelistv5 – Published: 2022-05-25 15:09 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-25T15:09:30",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-05-16_12"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28875",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-05-16_12"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28875",
"datePublished": "2022-05-25T15:09:30",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40832 (GCVE-0-2021-40832)
Vulnerability from cvelistv5 – Published: 2021-10-08 09:45 – Updated: 2024-08-04 02:51
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
Severity ?
5.5 (Medium)
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce and Cloud Protection for Microsoft Office 365",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-08T09:45:34",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-09-29_03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-40832",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce and Cloud Protection for Microsoft Office 365",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-09-29_03"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-40832",
"datePublished": "2021-10-08T09:45:34",
"dateReserved": "2021-09-09T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28886 (GCVE-0-2022-28886)
Vulnerability from nvd – Published: 2022-09-23 18:24 – Updated: 2025-05-22 18:15
VLAI?
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine
Severity ?
4.3 (Medium)
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F-Secure and WithSecure | All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper |
Affected:
All Version
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:56.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T15:34:58.964193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:15:13.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T18:24:04.000Z",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-13_07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28886",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows running 32 bit operating system. F-Secure Linux Security 32 F-Secure Internet Gatekeeper",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-13_07"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28886",
"datePublished": "2022-09-23T18:24:04.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-05-22T18:15:13.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28883 (GCVE-0-2022-28883)
Vulnerability from nvd – Published: 2022-08-23 15:54 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:14",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28883",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28883",
"datePublished": "2022-08-23T15:54:14",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28882 (GCVE-0-2022-28882)
Vulnerability from nvd – Published: 2022-08-23 15:54 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:02",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28882",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28882",
"datePublished": "2022-08-23T15:54:02",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28881 (GCVE-0-2022-28881)
Vulnerability from nvd – Published: 2022-08-10 16:03 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T16:03:24",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28881",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28881",
"datePublished": "2022-08-10T16:03:24",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28880 (GCVE-0-2022-28880)
Vulnerability from nvd – Published: 2022-08-05 16:46 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T16:46:48",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28880",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/expertise/people",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/expertise/people"
},
{
"name": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-29_13"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28880",
"datePublished": "2022-08-05T16:46:48",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28878 (GCVE-0-2022-28878)
Vulnerability from nvd – Published: 2022-07-22 15:29 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security 64 F-Secure Linux Security 32 F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:29:00",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28878",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security 64 F-Secure Linux Security 32 F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28878",
"datePublished": "2022-07-22T15:29:00",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28879 (GCVE-0-2022-28879)
Vulnerability from nvd – Published: 2022-07-22 15:27 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T15:27:34",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28879",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28879",
"datePublished": "2022-07-22T15:27:34",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28876 (GCVE-0-2022-28876)
Vulnerability from nvd – Published: 2022-07-14 14:45 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T14:45:07",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-04_09"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28876",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-04_09"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28876",
"datePublished": "2022-07-14T14:45:07",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28875 (GCVE-0-2022-28875)
Vulnerability from nvd – Published: 2022-05-25 15:09 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial-of-Service (DoS) Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS) Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-25T15:09:30",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-05-16_12"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28875",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure \u0026 WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce \u0026 WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS) Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-05-16_12"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28875",
"datePublished": "2022-05-25T15:09:30",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}