cvelist/2023/22xxx/CVE-2023-22378.json


{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-22378",
"ASSIGNER": "prodsec@nozominetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.\n\nAuthenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nozomi Networks",
"product": {
"product_data": [
{
"product_name": "Guardian",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "22.6.2"
}
]
}
},
{
"product_name": "CMC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "22.6.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.nozominetworks.com/NN-2023:2-01",
"refsource": "MISC",
"name": "https://security.nozominetworks.com/NN-2023:2-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Use internal firewall features to limit access to the web management interface.</p>"
}
],
"value": "Use internal firewall features to limit access to the web management interface."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Upgrade to v22.6.2 or later.</p>"
}
],
"value": "Upgrade to v22.6.2 or later."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}