CVE-2022-38123

CVSS v3 8.7 HIGH

8.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.3 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

I

mproper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.

References

Link	Resource
https://www.secomea.com/support/cybersecurity-advisory/	Vendor Advisory
https://www.secomea.com/support/cybersecurity-advisory/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.2~~	v2 : unknown v3 : 8.7
References	~~() https://www.secomea.com/support/cybersecurity-advisory/ - Vendor Advisory~~	() https://www.secomea.com/support/cybersecurity-advisory/ - Vendor Advisory

Information

Published : 2022-12-06 16:15

Updated : 2024-11-21 07:15

NVD link : CVE-2022-38123

Mitre link : CVE-2022-38123

CVE.ORG link : CVE-2022-38123

JSON object : View

Products Affected

gatemanager

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2022-38123", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-12-06T16:15:10.567", "references": [{"url": "https://www.secomea.com/support/cybersecurity-advisory/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.secomea.com/support/cybersecurity-advisory/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface.\n\nThis issue affects:\n\nSecomea GateManager\n\nversions prior to 10.0.\n\n\n\n"}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta de archivos de complemento en la interfaz de administrador de Secomea GateManager permite al administrador del servidor inyectar c\u00f3digo en la interfaz de GateManager. Este problema afecta a: Versiones de Secomea GateManager anteriores a la 10.0."}], "lastModified": "2024-11-21T07:15:50.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B231401-38C1-4714-90B9-2F7044AEE042", "versionEndExcluding": "10.0.622395010"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}