CVE-2022-4039

8.0

HIGHCVSS v3.1 Base Score

0.12%

LOW RiskEPSS (31st percentile)

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

Published: 9/22/2023

Modified: 11/21/2024

Back to CVE Lookup

Vulnerability Summary

CVSS v3 Score

8HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score (Exploitation Probability)

0.12%LOW Exploitation Risk

31st percentile

This vulnerability has a 0.12% probability of being exploited in the next 30 days, ranking higher than 31% of all scored CVEs.

CWE Classification

CWE-276

Related Vulnerabilities

Same Weakness Type(CWE-276)

CVE-2025-43350LOW 2.4

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen.

11/4/2025

CVE-2025-4660CRITICAL 9.8

A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secure Connector.

5/13/2025

CVE-2025-43595HIGH 7.8

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on 2025-04-22).

5/1/2025

CVE-2024-55930MEDIUM 6.7

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files

1/23/2025

CVE-2023-46773CRITICAL 9.8

Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.

12/6/2023

Similar SeverityHIGH

CVE-2026-41091HIGH 7.8

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

5/20/2026

CVE-2026-42897HIGH 8.1

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

5/14/2026

CVE-2026-6973HIGH 7.2

An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.

5/7/2026

CVE-2026-44116HIGH 8.6

OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthorized access to internal resources.

5/6/2026

CVE-2026-44115HIGH 8.8

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.

5/6/2026

Learn More

CVSS Calculator

View this score breakdown or calculate a custom score

Understanding CVSS Scoring

Learn how severity scores are calculated and what they mean

CVE Prioritization Guide

Best practices for deciding which vulnerabilities to address first

What is a CVE?

Essential guide to Common Vulnerabilities and Exposures

CVE vs CWE Explained

Understand how CVEs relate to underlying weakness types