CVE-2022-1471

Vulnerability Profile Updated 3 months ago
CVE-2022-1471 is a high-risk vulnerability, with a score of 9.8, found in the SnakeYAML library. This flaw, which is part of a set of vulnerabilities collectively known as "ShellTorch," allows for remote code execution (RCE). Specifically, an attacker can exploit this vulnerability to upload a malicious model from a controlled address, leading to arbitrary code execution. The vulnerability is a result of a flaw in software design or implementation.

Earlier in the month, Australian software company Atlassian released security updates to address several high-risk vulnerabilities, including CVE-2022-1471. These vulnerabilities, if exploited, could lead to remote code execution. Other notable vulnerabilities addressed include CVE-2023-22522, CVE-2023-22524, and CVE-2023-22523. These flaws were found in Confluence Data Center and Confluence Server, Assets Discovery for Jira Service Management, and Atlassian Companion app for macOS.

The discovery of these vulnerabilities highlights the need for robust security measures in software development. To mitigate the risk posed by CVE-2022-1471 and other related vulnerabilities, users are advised to apply the security updates provided by Atlassian. By doing so, they can protect their systems from potential attacks that may lead to unauthorized access and control by malicious actors.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Shelltorch | 1 | ShellTorch is a critical vulnerability in the TorchServe software, as identified by Israeli security firm Oligo. The flaw, which has been assigned two CVE identifiers (CVE-2022-1471 and CVE-2023-43654), allows for server-side request forgery (SSRF) and Java deserialization remote code execution (RCE
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
RCE (Remote ...
Confluence
Jira
Atlassian
Macos
Oracle
Exploit
Remote Code ...
Exploits
Java
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-22522 | Unspecified | 2 | None
CVE-2023-22524 | Unspecified | 2 | None
CVE-2023-22523 | Unspecified | 2 | None
CVE-2023-43654 | Unspecified | 1 | None
Source Document References
Information about the CVE-2022-1471 vulnerability was read from the documents listed below.
Source | Created At | Title
Checkpoint | 8 months ago | 11th December – Threat Intelligence Report - Check Point Research
CERT-EU | 8 months ago | Apache addresses high-risk Struts2 RCE bug
CERT-EU | 8 months ago | Cyber Security Week in Review: December 8, 2023
CERT-EU | 8 months ago | Atlassian patches several critical vulnerabilities
DARKReading | 8 months ago | Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps
CERT-EU | 8 months ago | Atlassian patches critical RCE flaws across multiple products
CERT-EU | 8 months ago | Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
CERT-EU | 9 months ago | This Week In Security: Browser Exploits, Play Protect, And Turn ON Your Firewall!
CERT-EU | 9 months ago | Oracle issues mammoth patch collection
CERT-EU | 9 months ago | Oracle Patch Tuesday, October 2023 Security Update Review | Qualys Security Blog
CERT-EU | 9 months ago | GovCERT.HK - Security Alerts
CERT-EU | 9 months ago | PyTorch Model Server Registration / Deserialization Remote Code Execution - KizzMyAnthia.com
CERT-EU | 10 months ago | Cyber Security Week in Review: October 6, 2023
CERT-EU | 10 months ago | Critical 'ShellTorch' Flaws Light Up Open Source AI Users, Like Google
CERT-EU | 10 months ago | ShellTorch Flaw Exposes Thousands of AI Servers to RCE Attacks
CERT-EU | 10 months ago | AI server takeovers likely with critical TorchServe vulnerabilities
CERT-EU | 10 months ago | ShellTorch vulns expose PyTorch models to remote code execution
CERT-EU | 10 months ago | ShellTorch flaws expose AI servers to code execution attacks
CERT-EU | 10 months ago | Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
CERT-EU | a year ago | Dealing with Java CVEs: Discovery, Detection, Analysis, and Resolution