QwikSec

Security Database

CVE

CWE

Training

CVE-2022-45047

Published: Nov 16, 2022

Modified: May 1, 2026

PUBLISHED

Description

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

Vendor	Product	Versions
Apache Software Foundation	Apache MINA SSHD	affected `unspecified - <= 2.9.1`

Weaknesses (CWE)

References

https://www.mail-archive.com/dev%40mina.apache.org/msg39312.html

https://security.netapp.com/advisory/ntap-20240216-0008/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.