CVE-2022-24082 (GCVE-0-2022-24082)

Vulnerability from cvelistv5 – Published: 2022-07-19 00:00 – Updated: 2024-08-03 03:59
VLAI?
Summary
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.
Severity ?
9.8 (Critical)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
Pegasystems Pega Infinity Affected: 8.1.0 , < unspecified (custom)
Affected: unspecified , < 8.7.3 (custom)
Create a notification for this product.
Credits
Marcin Wolak, Rabobank Red Team
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:59:23.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%E2%80%93-hotfix-matrix-0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pega Infinity",
          "vendor": "Pegasystems",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Marcin Wolak, Rabobank Red Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-24T00:00:00",
        "orgId": "c91e5604-2bd1-401f-a0ec-b25342b57ef9",
        "shortName": "Pega"
      },
      "references": [
        {
          "url": "https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%E2%80%93-hotfix-matrix-0"
        },
        {
          "url": "http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c91e5604-2bd1-401f-a0ec-b25342b57ef9",
    "assignerShortName": "Pega",
    "cveId": "CVE-2022-24082",
    "datePublished": "2022-07-19T00:00:00",
    "dateReserved": "2022-01-27T00:00:00",
    "dateUpdated": "2024-08-03T03:59:23.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.1.0\", \"versionEndExcluding\": \"8.7.3\", \"matchCriteriaId\": \"9AA500E7-CE8A-4943-B747-F3C69A6507D5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.\"}, {\"lang\": \"es\", \"value\": \"Si una instalaci\\u00f3n local de Pega Platform est\\u00e1 configurada con el puerto de la interfaz JMX expuesto a Internet y el filtrado de puertos no est\\u00e1 configurado apropiadamente, puede ser posible cargar cargas \\u00fatiles serializadas para atacar el sistema subyacente. Esto no afecta a sistemas que son ejecutados en PegaCloud debido a su dise\\u00f1o y arquitectura.\"}]",
      "id": "CVE-2022-24082",
      "lastModified": "2024-11-21T06:49:46.687",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"security@pega.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2022-07-19T15:15:08.487",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-Execution.html\", \"source\": \"security@pega.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%E2%80%93-hotfix-matrix-0\", \"source\": \"security@pega.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%E2%80%93-hotfix-matrix-0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@pega.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@pega.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24082\",\"sourceIdentifier\":\"security@pega.com\",\"published\":\"2022-07-19T15:15:08.487\",\"lastModified\":\"2024-11-21T06:49:46.687\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.\"},{\"lang\":\"es\",\"value\":\"Si una instalaci\u00f3n local de Pega Platform est\u00e1 configurada con el puerto de la interfaz JMX expuesto a Internet y el filtrado de puertos no est\u00e1 configurado apropiadamente, puede ser posible cargar cargas \u00fatiles serializadas para atacar el sistema subyacente. Esto no afecta a sistemas que son ejecutados en PegaCloud debido a su dise\u00f1o y arquitectura.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"security@pega.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@pega.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.7.3\",\"matchCriteriaId\":\"9AA500E7-CE8A-4943-B747-F3C69A6507D5\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-Execution.html\",\"source\":\"security@pega.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%E2%80%93-hotfix-matrix-0\",\"source\":\"security@pega.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%E2%80%93-hotfix-matrix-0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.