What is the severity of CVE-2022-28719?

CVE-2022-28719 has a high severity due to the potential for unauthorized remote code execution.

How do I fix CVE-2022-28719?

To mitigate CVE-2022-28719, upgrade AssetView to version 13.2.0 or later.

What type of vulnerability is CVE-2022-28719?

CVE-2022-28719 is a missing authentication vulnerability affecting critical functions.

Who is affected by CVE-2022-28719?

CVE-2022-28719 affects users of AssetView prior to version 13.2.0.

What can an attacker do with CVE-2022-28719?

An attacker exploiting CVE-2022-28719 can upload a crafted configuration file, potentially leading to arbitrary code execution on managed clients.

Vulnerability/
CVE-2022-28719

critical

9.8

CWE

306

28/4/2022

3/8/2024

CVE-2022-28719

First published: Thu Apr 28 2022(Updated: )

Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
hammock AssetView	<13.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-28719?
CVE-2022-28719 has a high severity due to the potential for unauthorized remote code execution.
How do I fix CVE-2022-28719?
To mitigate CVE-2022-28719, upgrade AssetView to version 13.2.0 or later.
What type of vulnerability is CVE-2022-28719?
CVE-2022-28719 is a missing authentication vulnerability affecting critical functions.
Who is affected by CVE-2022-28719?
CVE-2022-28719 affects users of AssetView prior to version 13.2.0.
What can an attacker do with CVE-2022-28719?
An attacker exploiting CVE-2022-28719 can upload a crafted configuration file, potentially leading to arbitrary code execution on managed clients.

agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/hammock
canonical/hammock assetview

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2022-28719?
CVE-2022-28719 has a high severity due to the potential for unauthorized remote code execution.
How do I fix CVE-2022-28719?
To mitigate CVE-2022-28719, upgrade AssetView to version 13.2.0 or later.
What type of vulnerability is CVE-2022-28719?
CVE-2022-28719 is a missing authentication vulnerability affecting critical functions.
Who is affected by CVE-2022-28719?
CVE-2022-28719 affects users of AssetView prior to version 13.2.0.
What can an attacker do with CVE-2022-28719?
An attacker exploiting CVE-2022-28719 can upload a crafted configuration file, potentially leading to arbitrary code execution on managed clients.