What is CVE-2022-24735?

CVE-2022-24735 is a low-severity vulnerability in Netapp Management_services_for_element_software, classified under Code Injection. CVSS score: 3.9/10. Published 2022-04-27.

How severe is CVE-2022-24735?

Low severity. CVSS v3 base score is 3.9 out of 10.

Is CVE-2022-24735 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Netapp Management_services_for_element_software

CVE-2022-24735

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potent…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.021 (79.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.9 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N.

Affected products

Netapp Management_services_for_element_software
Netapp Management_services_for_netapp_hci
Oracle Communications_operations_monitor — versions 4.3, 4.4, 5.0
Redis — versions 7.0, < 7.0.0, >= 6.0.0, < 6.2.7
Fedoraproject Fedora — versions 34, 35, 36

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

security-advisories@github.com (x_refsource_CONFIRM, Third Party Advisory)
security-advisories@github.com (Exploit, Third Party Advisory, x_refsource_MISC)
security-advisories@github.com (Third Party Advisory, x_refsource_MISC, Release Notes)
security-advisories@github.com (Third Party Advisory, x_refsource_MISC, Release Notes)
security-advisories@github.com (x_refsource_FEDORA, vendor-advisory)
security-advisories@github.com (x_refsource_FEDORA, vendor-advisory)
security-advisories@github.com (x_refsource_FEDORA, vendor-advisory)
security-advisories@github.com (Patch, Third Party Advisory, x_refsource_MISC)
security-advisories@github.com (x_refsource_CONFIRM, Third Party Advisory)
security-advisories@github.com (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2022-24735?: CVE-2022-24735 is a low-severity vulnerability in Netapp Management_services_for_element_software, classified under Code Injection. CVSS score: 3.9/10. Published 2022-04-27.
How severe is CVE-2022-24735?: Low severity. CVSS v3 base score is 3.9 out of 10.
Is CVE-2022-24735 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.