CVE-2022-35241 — MEDIUM (6.5)

Q: How severe is CVE-2022-35241?

CVE-2022-35241 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-35241?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Instance Manager.

Vulnerability Description

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
F5	Nginx Instance Manager	>= 1.0.0, <= 1.0.4

Related Weaknesses (CWE)

CWE-400

References

https://support.f5.com/csp/article/K37080719Vendor Advisory
https://support.f5.com/csp/article/K37080719Vendor Advisory

FAQ

What is CVE-2022-35241?

CVE-2022-35241 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have...

How severe is CVE-2022-35241?

CVE-2022-35241 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-35241?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Instance Manager.