CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://mender.io/blog/cve-2022-29555-and-cve-2022-29556-vulnerabilities-in-iot-manager-and-deviceconnect
https://northern.tech
https://mender.io/blog/cve-2022-29555-and-cve-2022-29556-vulnerabilities-in-iot-manager-and-deviceconnect
https://northern.tech

Products affected by CVE-2022-29556

Northern.tech » Mender » Version: 3.2.0

cpe:2.3:a:northern.tech:mender:3.2.0
Northern.tech » Mender » Version: 3.2.1

cpe:2.3:a:northern.tech:mender:3.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29556

Products

Pricing

Contact Us