Description
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-43772 | Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. |
References
| Link | Providers |
|---|---|
| https://github.com/wazuh/wazuh/pull/14801 |
|
History
Wed, 21 May 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-94 | |
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-05-21T15:02:09.029Z
Reserved: 2022-09-11T00:00:00.000Z
Link: CVE-2022-40497
Updated: 2024-08-03T12:21:46.182Z
Status : Modified
Published: 2022-09-28T00:15:09.523
Modified: 2026-06-17T05:01:28.107
Link: CVE-2022-40497
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-94
Improper Control of Generation of Code ('Code Injection')
- NVD-CWE-noinfo
EUVD