admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 09:41:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-468xx/CVE-2022-46835.json

200 lines
7.3 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2022-46835",
"sourceIdentifier": "psirt@sailpoint.com",
"published": "2023-01-31T15:15:08.997",
"lastModified": "2023-02-08T02:12:20.943",
"vulnStatus": "Analyzed",
Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00
"cveTags": [],
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950."
Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00
},
{
"lang": "es",
"value": "IdentityIQ 8.3 y todos los niveles de parche 8.3 anteriores a 8.3p2, IdentityIQ 8.2 y todos los niveles de parche 8.2 anteriores a 8.2p5, IdentityIQ 8.1 y todos los niveles de parche 8.1 anteriores a 8.1p7, IdentityIQ 8.0 y todos los niveles de parche 8.0 anteriores a 8.0p6 permiten el acceso a archivos arbitrarios en el sistema de archivos del servidor de aplicaciones debido a una vulnerabilidad de path traversal en JavaServer Faces (JSF) 2.2.20 documentada en CVE-2020-6950."
bootstrap
2023-04-24 12:24:31 +02:00
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@sailpoint.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "psirt@sailpoint.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "331C62A4-620B-483A-87A6-9AA51679AF92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "C84FC633-5B3C-4A40-A588-EF3AF509BBE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "6080940F-819D-468F-90B7-D1E135020777"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "E018B45E-96CF-45C2-B405-3AFCC683BF9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "CE18C753-3EE9-49C4-A99F-4429E0B20A1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "F5641886-0FBB-472D-950A-70F94FB99087"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:*",
"matchCriteriaId": "00C8E5FB-5B6D-4C1B-AEFE-C884B28392D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "216615A8-0E21-4597-871C-AC121BF0E150"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "35ECC22F-B2A2-4750-B995-2944F12C1BFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "9ECEF57B-DA34-402A-86F0-713A3683A172"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*",
"matchCriteriaId": "1815D4C7-50FC-45DA-8130-E9258CAFBD09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*",
"matchCriteriaId": "F784765E-8B3C-4F96-B57A-E6E7AECE628C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch6:*:*:*:*:*:*",
"matchCriteriaId": "A7B4F481-4E74-4B56-9851-E1A665F5783D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*",
"matchCriteriaId": "224129BF-667F-4F6A-8E9A-15390F6FA3D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2A8C2668-C1F1-4A67-A2B3-99B5746C6A52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "A9D91EB5-EC8E-4200-9245-13E37312343D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*",
"matchCriteriaId": "63352C53-ADD8-49CD-B9E6-648183BDED68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*",
"matchCriteriaId": "1173CC53-CBE5-450C-96BF-8583D1B3D185"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2C0F5E55-5D33-425F-9DA7-49FE66CD84C4"
}
]
}
]
}
],
"references": [
{
"url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-file-traversal-vulnerability-cve-2022-46835/",
"source": "psirt@sailpoint.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue Copy Permalink