nvd-json-data-feeds/CVE-2022/CVE-2022-439xx/CVE-2022-43958.json

{
  "id": "CVE-2022-43958",
  "sourceIdentifier": "productcert@siemens.com",
  "published": "2022-11-08T11:15:12.193",
  "lastModified": "2022-11-09T17:19:20.887",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ]
    },
    {
      "source": "productcert@siemens.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-316"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "495D38E5-5C7F-43C2-997F-D2226C7D0A2C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf",
      "source": "productcert@siemens.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2022-43958",`
			`"sourceIdentifier": "productcert@siemens.com",`
			`"published": "2022-11-08T11:15:12.193",`
			`"lastModified": "2022-11-09T17:19:20.887",`
			`"vulnStatus": "Analyzed",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored in plaintext in the database. This could allow an attacker to gain access to credentials and impersonate other users."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 9.1,`
			`"baseSeverity": "CRITICAL"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 5.2`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-312"`
			`}`
			`]`
			`},`
			`{`
			`"source": "productcert@siemens.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-316"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:siemens:qms_automotive::::::::",`
			`"matchCriteriaId": "495D38E5-5C7F-43C2-997F-D2226C7D0A2C"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf",`
			`"source": "productcert@siemens.com",`
			`"tags": [`
			`"Mitigation",`
			`"Vendor Advisory"`
			`]`
			`}`
			`]`
			`}`