nvd-json-data-feeds/CVE-2023/CVE-2023-223xx/CVE-2023-22378.json

{
  "id": "CVE-2023-22378",
  "sourceIdentifier": "prodsec@nozominetworks.com",
  "published": "2023-08-09T09:15:13.507",
  "lastModified": "2024-11-21T07:44:39.813",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.\n\nAuthenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n blind SQL en Guardian y CMC de Nozomi Networks, debido a una validaci\u00f3n de entrada incorrecta en el par\u00e1metro de ordenaci\u00f3n, permite a un atacante autenticado ejecutar consultas SQL arbitrarias en el DBMS utilizado por la aplicaci\u00f3n web. Los usuarios autenticados pueden extraer informaci\u00f3n arbitraria del DBMS de forma incontrolada."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "prodsec@nozominetworks.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "prodsec@nozominetworks.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "prodsec@nozominetworks.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "22.6.2",
              "matchCriteriaId": "D5DACA15-76B3-417A-8776-9014575659A6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "22.6.2",
              "matchCriteriaId": "6317D905-9F4B-42A1-937E-AB79D99B1973"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://security.nozominetworks.com/NN-2023:2-01",
      "source": "prodsec@nozominetworks.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://security.nozominetworks.com/NN-2023:2-01",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`{`
			`"id": "CVE-2023-22378",`
			`"sourceIdentifier": "prodsec@nozominetworks.com",`
			`"published": "2023-08-09T09:15:13.507",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"lastModified": "2024-11-21T07:44:39.813",`
Auto-Update: 2024-05-28T14:00:39.174226+00:00 2024-05-28 14:03:31 +00:00			`"vulnStatus": "Modified",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
Auto-Update: 2024-09-20T14:00:59.046271+00:00 2024-09-20 14:03:57 +00:00			`"value": "A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.\n\nAuthenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability."`
Auto-Update: 2024-04-04T08:42:25.815847+00:00 2024-04-04 08:46:00 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "Una vulnerabilidad de inyecci\u00f3n blind SQL en Guardian y CMC de Nozomi Networks, debido a una validaci\u00f3n de entrada incorrecta en el par\u00e1metro de ordenaci\u00f3n, permite a un atacante autenticado ejecutar consultas SQL arbitrarias en el DBMS utilizado por la aplicaci\u00f3n web. Los usuarios autenticados pueden extraer informaci\u00f3n arbitraria del DBMS de forma incontrolada."`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`}`
			`],`
			`"metrics": {`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cvssMetricV40": [`
			`{`
			`"source": "prodsec@nozominetworks.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "4.0",`
Auto-Update: 2024-09-20T14:00:59.046271+00:00 2024-09-20 14:03:57 +00:00			`"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 8.7,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"attackRequirements": "NONE",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
Auto-Update: 2025-03-02T03:00:19.570958+00:00 2025-03-02 03:03:52 +00:00			`"vulnConfidentialityImpact": "HIGH",`
			`"vulnIntegrityImpact": "HIGH",`
			`"vulnAvailabilityImpact": "HIGH",`
			`"subConfidentialityImpact": "NONE",`
			`"subIntegrityImpact": "NONE",`
			`"subAvailabilityImpact": "NONE",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"exploitMaturity": "NOT_DEFINED",`
Auto-Update: 2025-03-02T03:00:19.570958+00:00 2025-03-02 03:03:52 +00:00			`"confidentialityRequirement": "NOT_DEFINED",`
			`"integrityRequirement": "NOT_DEFINED",`
			`"availabilityRequirement": "NOT_DEFINED",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"modifiedAttackVector": "NOT_DEFINED",`
			`"modifiedAttackComplexity": "NOT_DEFINED",`
			`"modifiedAttackRequirements": "NOT_DEFINED",`
			`"modifiedPrivilegesRequired": "NOT_DEFINED",`
			`"modifiedUserInteraction": "NOT_DEFINED",`
Auto-Update: 2025-03-02T03:00:19.570958+00:00 2025-03-02 03:03:52 +00:00			`"modifiedVulnConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedVulnIntegrityImpact": "NOT_DEFINED",`
			`"modifiedVulnAvailabilityImpact": "NOT_DEFINED",`
			`"modifiedSubConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedSubIntegrityImpact": "NOT_DEFINED",`
			`"modifiedSubAvailabilityImpact": "NOT_DEFINED",`
			`"Safety": "NOT_DEFINED",`
			`"Automatable": "NOT_DEFINED",`
			`"Recovery": "NOT_DEFINED",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"valueDensity": "NOT_DEFINED",`
			`"vulnerabilityResponseEffort": "NOT_DEFINED",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"providerUrgency": "NOT_DEFINED"`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`}`
			`}`
			`],`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`"cvssMetricV31": [`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "prodsec@nozominetworks.com",`
			`"type": "Secondary",`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`"cvssData": {`
			`"version": "3.1",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH"`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`},`
			`"exploitabilityScore": 2.8,`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"impactScore": 5.9`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`},`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`"cvssData": {`
			`"version": "3.1",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM",`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE"`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`},`
			`"exploitabilityScore": 2.8,`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"impactScore": 3.6`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`}`
			`]`
			`},`
			`"weaknesses": [`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "prodsec@nozominetworks.com",`
			`"type": "Secondary",`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-89"`
			`}`
			`]`
			`},`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-89"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:nozominetworks:cmc::::::::",`
			`"versionEndExcluding": "22.6.2",`
			`"matchCriteriaId": "D5DACA15-76B3-417A-8776-9014575659A6"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:nozominetworks:guardian::::::::",`
			`"versionEndExcluding": "22.6.2",`
			`"matchCriteriaId": "6317D905-9F4B-42A1-937E-AB79D99B1973"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`"references": [`
			`{`
			`"url": "https://security.nozominetworks.com/NN-2023:2-01",`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`"source": "prodsec@nozominetworks.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`},`
			`{`
			`"url": "https://security.nozominetworks.com/NN-2023:2-01",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-08-09T10:00:31.779394+00:00 2023-08-09 10:00:35 +00:00			`}`
			`]`
			`}`