Cyber Resilience

CVE-2022-4254

Severity: High · Public PoC

Published: 01 February 2023
Modified: 27 March 2025
KEV Added: not listed
Patch: (no entry)
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (24.3rd percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-4254 is a high-severity LDAP Injection (CWE-90) vulnerability in sssd (libsss_certmap), shipped in Red Hat Enterprise Linux products including Enterprise Linux Server for Power Little Endian Update Services for SAP Solutions. Its CVSS base score is 8.8 (High).

Operationally, it ranks at the 24.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

CWE(s): CWE-90 (LDAP Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor / Product / Affected versions:

- fedoraproject / sssd / 1.15.3 to 2.3.1
- redhat / enterprise linux / 8.0
- redhat / enterprise linux desktop / 7.0
- redhat / enterprise linux for ibm z systems / 7.0
- redhat / enterprise linux for power big endian / 7.0
- redhat / enterprise linux for power little endian / 7.0
- redhat / enterprise linux for scientific computing / 7.0
- redhat / enterprise linux server / 7.0
- redhat / enterprise linux server aus / 8.2
- redhat / enterprise linux server for power little endian update services for sap solutions / 8.1, 8.2
- +3 more product configuration(s); see NVD for the full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.