CVE-2022-1471

Vulnerability Profile Updated a month ago
CVE-2022-1471 is a high-risk vulnerability, with a score of 9.8, found in the SnakeYAML library. This flaw, which is part of a set of vulnerabilities collectively known as "ShellTorch," allows for remote code execution (RCE). Specifically, an attacker can exploit this vulnerability to upload a malicious model from a controlled address, leading to arbitrary code execution. The vulnerability is a result of a flaw in software design or implementation.

Earlier in the month, Australian software company Atlassian released security updates to address several high-risk vulnerabilities, including CVE-2022-1471. These vulnerabilities, if exploited, could lead to remote code execution. Other notable vulnerabilities addressed include CVE-2023-22522, CVE-2023-22524, and CVE-2023-22523. These flaws were found in Confluence Data Center and Confluence Server, Assets Discovery for Jira Service Management, and Atlassian Companion app for macOS.

The discovery of these vulnerabilities highlights the need for robust security measures in software development. To mitigate the risk posed by CVE-2022-1471 and other related vulnerabilities, users are advised to apply the security updates provided by Atlassian. By doing so, they can protect their systems from potential attacks that may lead to unauthorized access and control by malicious actors.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Shelltorch | 1 | ShellTorch is a critical vulnerability in the TorchServe software, as identified by Israeli security firm Oligo. The flaw, which has been assigned two CVE identifiers (CVE-2022-1471 and CVE-2023-43654), allows for server-side request forgery (SSRF) and Java deserialization remote code execution (RCE
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Jira
Atlassian
RCE (Remote ...
Vulnerability
Confluence
Oracle
Macos
Server
Java
Exploits
Exploit
Remote Code ...
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-22522 | Unspecified | 2 | None
CVE-2023-22524 | Unspecified | 2 | None
CVE-2023-22523 | Unspecified | 2 | None
CVE-2023-43654 | Unspecified | 1 | None
Source Document References
Information about the CVE-2022-1471 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 8 months ago | Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
CERT-EU | 8 months ago | ShellTorch Flaw Exposes Thousands of AI Servers to RCE Attacks
CERT-EU | 8 months ago | ShellTorch flaws expose AI servers to code execution attacks
CERT-EU | 8 months ago | ShellTorch vulns expose PyTorch models to remote code execution
CERT-EU | 6 months ago | Apache addresses high-risk Struts2 RCE bug
CERT-EU | 9 months ago | Dealing with Java CVEs: Discovery, Detection, Analysis, and Resolution
CERT-EU | a year ago | Deserialization of untrusted data in IBM Workload Scheduler
CERT-EU | a year ago | Deserialization of untrusted data in IBM Maximo Application Suite
CERT-EU | 8 months ago | PyTorch Model Server Registration / Deserialization Remote Code Execution - KizzMyAnthia.com
CERT-EU | 8 months ago | Cyber Security Week in Review: October 6, 2023
CERT-EU | a year ago | Multiple vulnerabilities in Axway SecureTransport
CERT-EU | a year ago | GovCERT.HK - Security Alerts
CERT-EU | a year ago | Deserialization of untrusted data in IBM Process Mining
CERT-EU | 8 months ago | Oracle issues mammoth patch collection
CERT-EU | 6 months ago | Atlassian patches several critical vulnerabilities
CERT-EU | 6 months ago | Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
CERT-EU | a year ago | Multiple vulnerabilities in Red Hat OpenShift GitOps 1.6
CERT-EU | a year ago | OpenShift Developer Tools and Services for OCP 4.11 update for jenkins and jenkins-2-plugins
DARKReading | 6 months ago | Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps
CERT-EU | a year ago | GovCERT.HK - Security Alerts