nvd-json-data-feeds/CVE-2022/CVE-2022-453xx/CVE-2022-45338.json

{
  "id": "CVE-2022-45338",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-12-15T23:15:10.407",
  "lastModified": "2022-12-21T14:20:14.273",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:-:*:*:enterprise:*:*:*",
              "matchCriteriaId": "6BA9DEEE-EDE4-4B1A-8DB9-9E96CCA42489"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B8F09D5D-C529-496B-ADB1-123C5A66AFB5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp10:*:*:enterprise:*:*:*",
              "matchCriteriaId": "ABC81240-9458-4624-A4C1-2CB8C665E969"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp11:*:*:enterprise:*:*:*",
              "matchCriteriaId": "EDA14DD6-A17B-43FE-BA45-290A86418210"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp12:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DD5E6FA6-C252-4078-AE10-CABBDDDFDF9B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp2:*:*:enterprise:*:*:*",
              "matchCriteriaId": "3B33AF72-27CE-4C6A-A5C0-5ACB4B043E54"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp3:*:*:enterprise:*:*:*",
              "matchCriteriaId": "581CA5AA-E6AB-4693-A01B-23B6BD79CA6B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp4:*:*:enterprise:*:*:*",
              "matchCriteriaId": "EE3AE6F3-4BB4-4BF1-8FBA-2FEE539F81FC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp5:*:*:enterprise:*:*:*",
              "matchCriteriaId": "046D0970-3A43-49ED-AFFD-DADECA360E20"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp6:*:*:enterprise:*:*:*",
              "matchCriteriaId": "578F3276-2E44-4113-A00C-92486630438E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp7:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1287BF67-6237-4883-A05E-7A227DFCD686"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp8:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DBD1500E-CEAC-4894-9ED1-F884D174FB70"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp9:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9D704BBC-1AA2-46DD-8E3E-FD1720032948"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:-:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C1ABB366-F082-4F82-A498-51AFA46D3EE2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "3AEFEF28-980E-4716-8649-4D379C637BC5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp2:*:*:enterprise:*:*:*",
              "matchCriteriaId": "CA664DB4-D7F1-4B55-97CB-B20AD6BDB78F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp3:*:*:enterprise:*:*:*",
              "matchCriteriaId": "AF9E5DB4-1DBC-4619-BDB9-2E519E3103EE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp4:*:*:enterprise:*:*:*",
              "matchCriteriaId": "986FA7D8-EA82-4A33-93E2-47EEBD1257DB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp5:*:*:enterprise:*:*:*",
              "matchCriteriaId": "BB8D464E-7A36-456A-8C3D-D077B3F62DD2"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2022-45338",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2022-12-15T23:15:10.407",`
			`"lastModified": "2022-12-21T14:20:14.273",`
			`"vulnStatus": "Analyzed",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.8,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 5.9`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-434"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:-:::enterprise:::*",`
			`"matchCriteriaId": "6BA9DEEE-EDE4-4B1A-8DB9-9E96CCA42489"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp1:::enterprise:::*",`
			`"matchCriteriaId": "B8F09D5D-C529-496B-ADB1-123C5A66AFB5"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp10:::enterprise:::*",`
			`"matchCriteriaId": "ABC81240-9458-4624-A4C1-2CB8C665E969"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp11:::enterprise:::*",`
			`"matchCriteriaId": "EDA14DD6-A17B-43FE-BA45-290A86418210"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp12:::enterprise:::*",`
			`"matchCriteriaId": "DD5E6FA6-C252-4078-AE10-CABBDDDFDF9B"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp2:::enterprise:::*",`
			`"matchCriteriaId": "3B33AF72-27CE-4C6A-A5C0-5ACB4B043E54"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp3:::enterprise:::*",`
			`"matchCriteriaId": "581CA5AA-E6AB-4693-A01B-23B6BD79CA6B"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp4:::enterprise:::*",`
			`"matchCriteriaId": "EE3AE6F3-4BB4-4BF1-8FBA-2FEE539F81FC"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp5:::enterprise:::*",`
			`"matchCriteriaId": "046D0970-3A43-49ED-AFFD-DADECA360E20"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp6:::enterprise:::*",`
			`"matchCriteriaId": "578F3276-2E44-4113-A00C-92486630438E"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp7:::enterprise:::*",`
			`"matchCriteriaId": "1287BF67-6237-4883-A05E-7A227DFCD686"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp8:::enterprise:::*",`
			`"matchCriteriaId": "DBD1500E-CEAC-4894-9ED1-F884D174FB70"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp9:::enterprise:::*",`
			`"matchCriteriaId": "9D704BBC-1AA2-46DD-8E3E-FD1720032948"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:-:::enterprise:::*",`
			`"matchCriteriaId": "C1ABB366-F082-4F82-A498-51AFA46D3EE2"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp1:::enterprise:::*",`
			`"matchCriteriaId": "3AEFEF28-980E-4716-8649-4D379C637BC5"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp2:::enterprise:::*",`
			`"matchCriteriaId": "CA664DB4-D7F1-4B55-97CB-B20AD6BDB78F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp3:::enterprise:::*",`
			`"matchCriteriaId": "AF9E5DB4-1DBC-4619-BDB9-2E519E3103EE"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp4:::enterprise:::*",`
			`"matchCriteriaId": "986FA7D8-EA82-4A33-93E2-47EEBD1257DB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp5:::enterprise:::*",`
			`"matchCriteriaId": "BB8D464E-7A36-456A-8C3D-D077B3F62DD2"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`}`
			`]`
			`}`