CVE-2022-40238

CVE-2022-40238: A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5

Vendor: CERT/CC
Product: VINCE - The Vulnerability Information and Coordination Environment
Weakness: CWE-502 · Unsafe deserialization
Published: October 26, 2022
Last update: May 7, 2025

What the vulnerability does

01 Description

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject an arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.

Key dates

02 Disclosure timeline

October 26, 2022: CVE published
May 7, 2025: Record updated
