PatchSiren

CVE-2022-35914 Teclib CVE debrief

CVE-2022-35914 is a Teclib GLPI remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-03-07. The KEV entry directs organizations to apply updates per vendor instructions, and it assigns a remediation due date of 2023-03-28. Because this CVE is listed in KEV, it should be treated as a high-priority patching item for any GLPI deployment.

Vendor: Teclib
Product: GLPI
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2023-03-07
Original CVE updated: 2023-03-07
Advisory published: 2023-03-07
Advisory updated: 2023-03-07

Who should care

Security teams, system administrators, and vulnerability managers responsible for Teclib GLPI deployments should review this CVE immediately, especially if GLPI is internet-facing or broadly accessible inside the environment.

Technical summary

The supplied official records identify CVE-2022-35914 as a remote code execution vulnerability in Teclib GLPI. The corpus does not include exploit mechanics, affected versions, or a CVSS score, so remediation planning should rely on the vendor advisory, the CVE record, and the NVD entry for authoritative version and fix details. CISA’s KEV listing indicates the issue is sufficiently important for rapid remediation and operational tracking.

Defensive priority

High. CISA placed this CVE in the KEV catalog and set a due date of 2023-03-28, so GLPI instances should be verified and updated as soon as possible using vendor guidance.

Recommended defensive actions

  • Identify all GLPI instances in the environment and confirm which versions are deployed.
  • Review the vendor advisory and apply the vendor-recommended update path without delay.
  • Use the official CVE and NVD records to verify affected versions and any additional remediation guidance.
  • If immediate patching is not possible, reduce exposure by limiting access to GLPI administrative interfaces and monitoring for suspicious activity.
  • Validate that remediation is complete before the CISA KEV due date and record the status in vulnerability management workflows.
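As an added example (not part of the original debrief or any vendor tooling), the script below turns the actions above into a tracking check: it compares each GLPI instance's version against a fixed-version floor and reports its status relative to the KEV due date. The inventory hosts and versions are constructed, and the 10.0.3 floor is an assumption drawn from the announcement the KEV notes reference; confirm it against the vendor advisory.

```python
from datetime import date

# KEV fields as quoted in this debrief's evidence notes.
KEV_ENTRY = {"cveID": "CVE-2022-35914", "vendorProject": "Teclib", "product": "GLPI",
             "dateAdded": "2023-03-07", "dueDate": "2023-03-28",
             "requiredAction": "Apply updates per vendor instructions."}

# Assumption: fixed-version floor taken from the GLPI 10.0.3 announcement the
# KEV notes reference; confirm it against the vendor advisory before relying on it.
ASSUMED_FIXED = "10.0.3"

# Constructed inventory: hosts and versions are hypothetical.
INVENTORY = [
    {"host": "glpi-test.example.internal", "version": "10.0.3", "internet_facing": False},
    {"host": "glpi-legacy.example.internal", "version": None, "internet_facing": False},
    {"host": "glpi-prod.example.internal", "version": "10.0.2", "internet_facing": True},
]

def parse_version(text):
    """'10.0.3' -> (10, 0, 3); missing or non-numeric versions -> None."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None

def track(inventory, kev, fixed, today):
    """Return one tracking row per instance, unresolved and exposed hosts first."""
    floor = parse_version(fixed)
    if floor is None:
        raise ValueError("fixed version must be numeric, e.g. '10.0.3'")
    due = date.fromisoformat(kev["dueDate"])
    rows = []
    for item in inventory:
        version = parse_version(item["version"])
        if version is None:
            status = "UNVERIFIED"   # version unknown: cannot claim remediation
        elif version >= floor:
            status = "REMEDIATED"
        else:
            status = "OVERDUE" if today > due else "OPEN"
        rows.append({"host": item["host"], "cve": kev["cveID"], "status": status,
                     "internet_facing": item["internet_facing"],
                     "days_to_due": (due - today).days})
    rows.sort(key=lambda r: (r["status"] == "REMEDIATED", not r["internet_facing"], r["host"]))
    return rows

if __name__ == "__main__":
    for row in track(INVENTORY, KEV_ENTRY, ASSUMED_FIXED, date.today()):
        print(row)
```

Instances whose version cannot be parsed are reported as UNVERIFIED rather than REMEDIATED, so an unknown deployment never closes the ticket by default.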

Evidence notes

CISA’s KEV source item lists vendorProject Teclib, product GLPI, vulnerabilityName "Teclib GLPI Remote Code Execution Vulnerability," dateAdded 2023-03-07, dueDate 2023-03-28, and requiredAction "Apply updates per vendor instructions." The KEV notes also reference a GLPI 10.0.3 availability announcement and the NVD CVE page. The supplied corpus does not provide a CVSS score, affected versions, or exploitation timeline beyond the KEV listing.

Official resources

Public official records in the supplied corpus show disclosure and KEV publication on 2023-03-07. This debrief is limited to defensive, evidence-linked information from the provided official sources.