Vulnerability Details CVE-2022-45047
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.041
EPSS Ranking 88.0%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-45047
-
cpe:2.3:a:apache:sshd:0.1.0
-
cpe:2.3:a:apache:sshd:0.10.0
-
cpe:2.3:a:apache:sshd:0.10.1
-
cpe:2.3:a:apache:sshd:0.11.0
-
cpe:2.3:a:apache:sshd:0.12.0
-
cpe:2.3:a:apache:sshd:0.13.0
-
cpe:2.3:a:apache:sshd:0.14.0
-
cpe:2.3:a:apache:sshd:0.2.0
-
cpe:2.3:a:apache:sshd:0.3.0
-
cpe:2.3:a:apache:sshd:0.4.0
-
cpe:2.3:a:apache:sshd:0.5.0
-
cpe:2.3:a:apache:sshd:0.6.0
-
cpe:2.3:a:apache:sshd:0.7.0
-
cpe:2.3:a:apache:sshd:0.8.0
-
cpe:2.3:a:apache:sshd:0.9.0
-
cpe:2.3:a:apache:sshd:1.0.0
-
cpe:2.3:a:apache:sshd:1.1.0
-
cpe:2.3:a:apache:sshd:1.1.1
-
cpe:2.3:a:apache:sshd:1.2.0
-
cpe:2.3:a:apache:sshd:1.3.0
-
cpe:2.3:a:apache:sshd:1.4.0
-
cpe:2.3:a:apache:sshd:1.5.0
-
cpe:2.3:a:apache:sshd:1.6.0
-
cpe:2.3:a:apache:sshd:1.7.0
-
cpe:2.3:a:apache:sshd:2.0.0
-
cpe:2.3:a:apache:sshd:2.1.0
-
cpe:2.3:a:apache:sshd:2.2.0
-
cpe:2.3:a:apache:sshd:2.3.0
-
cpe:2.3:a:apache:sshd:2.4.0
-
cpe:2.3:a:apache:sshd:2.5.0
-
cpe:2.3:a:apache:sshd:2.5.1
-
cpe:2.3:a:apache:sshd:2.6.0
-
cpe:2.3:a:apache:sshd:2.7.0
-
cpe:2.3:a:apache:sshd:2.8.0
-
cpe:2.3:a:apache:sshd:2.9.0
-
cpe:2.3:a:apache:sshd:2.9.1