What is CVE-2022-2764?

CVE-2022-2764 is a medium-severity vulnerability in Netapp Active_iq_unified_manager, classified under Uncontrolled Resource Consumption. CVSS score: 4.9/10. Published 2022-09-01.

How severe is CVE-2022-2764?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Is CVE-2022-2764 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Netapp Active_iq_unified_manager

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

Vulnerability class: DoS (Denial of Service)

EPSS: 0.008 (50.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.

Affected products

Netapp Active_iq_unified_manager
Netapp Cloud_secure_agent
Netapp Oncommand_insight
Netapp Oncommand_workflow_automation
Redhat Integration_camel_k
Redhat Jboss_enterprise_application_platform — versions 7.0.0
Redhat Jboss_fuse — versions 7.0.0
Redhat Single_sign-on — versions 7.0
Redhat Undertow — versions 2.3.0
N/a Undertow — versions undertow 2.x

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

Public proof-of-concept exploits

muneebaashiq/MBProjects

References

secalert@redhat.com (Issue Tracking, Vendor Advisory)
secalert@redhat.com (Third Party Advisory)

Frequently asked questions

What is CVE-2022-2764?: CVE-2022-2764 is a medium-severity vulnerability in Netapp Active_iq_unified_manager, classified under Uncontrolled Resource Consumption. CVSS score: 4.9/10. Published 2022-09-01.
How severe is CVE-2022-2764?: Medium severity. CVSS v3 base score is 4.9 out of 10.
Is CVE-2022-2764 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.