admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-418xx/CVE-2022-41892.json
cad-safe-bot db95377d9f Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00

131 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-41892",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-11T04:15:12.567",
"lastModified": "2022-11-16T02:35:49.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds."
},
{
"lang": "es",
"value": "Arches es una plataforma web para crear, gestionar y administrar visualizaci\u00f3n de datos geoespaciales. Las versiones anteriores a 6.1.2, 6.2.1 y 7.1.2 son vulnerables a la inyecci\u00f3n SQL. Con una solicitud web cuidadosamente manipulada, es posible ejecutar ciertas declaraciones SQL no deseadas en la base de datos. Este problema se solucion\u00f3 en las versiones 7.12, 6.2.1 y 6.1.2. Se recomienda a los usuarios que actualicen lo antes posible. No hay workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archesproject:arches:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.1.1",
"matchCriteriaId": "21BB1B47-4586-4F5F-A4C3-A7ADCFA79DC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archesproject:arches:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A5A39D-379C-47BA-81B9-1AEC7808EE5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archesproject:arches:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B614BF2-A773-4E7C-8514-70860A6D7C02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archesproject:arches:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33E271C0-E2F0-484A-80B2-D2101FF67ECE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:archesproject:arches:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F04CFEA-BC99-4DFC-9DBE-3947DAECD27C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8m",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink