admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/24xxx/CVE-2022-24047.json
CVE Team 285fa9b495
"-Synchronized-Data."
2022-02-18 20:01:23 +00:00

74 lines
2.6 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-24047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Track-It!",
"version": {
"version_data": [
{
"version_value": "20.21.01.102"
}
]
}
}
]
},
"vendor_name": "BMC"
}
]
}
},
"credit": "Markus Wulftange (@mwulftange)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-290/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-290/"
},
{
"url": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It",
"refsource": "MISC",
"name": "https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
}
Reference in New Issue View Git Blame Copy Permalink