CVE-2022-23320

{"id": "CVE-2022-23320", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-02-07T11:15:07.930", "references": [{"url": "http://xmpie.com", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.xmpie.com/ustore-release-notes/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database."}, {"lang": "es", "value": "XMPie uStore versi\u00f3n 12.3.7244.0 permite a administradores generar informes basados en consultas SQL sin procesar. Dado que la aplicaci\u00f3n es enviada con credenciales administrativas por defecto, un atacante podr\u00eda autenticarse en la aplicaci\u00f3n y exfiltrar informaci\u00f3n confidencial de la base de datos"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xerox:xmpie_ustore:12.3.7244.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F96804C-0936-4BF6-A196-552B66EE670E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}