admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-306xx/CVE-2022-30622.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

125 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-30622",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2022-07-17T21:15:08.803",
"lastModified": "2024-11-21T07:03:02.770",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword."
},
{
"lang": "es",
"value": "Una revelaci\u00f3n de informaci\u00f3n: el sistema permite visualizar los nombres de usuario y las contrase\u00f1as sin permisos, por lo que ser\u00e1 posible entrar en el sistema. Acceso a la ruta: http://api/sys_username_passwd.cmd - El servidor carga la petici\u00f3n de forma clara por defecto. La divulgaci\u00f3n de la informaci\u00f3n de cr\u00e9dito embebida en el c\u00f3digo JS que es enviado al cliente dentro del archivo Login.js es un usuario fuerte (que no est\u00e1 documentado) y tambi\u00e9n la contrase\u00f1a, que permiten el acceso de super usuario. Nombre de usuario: chcadmin, Contrase\u00f1a: chcpassword"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:chcnav:p5e_gnss_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.1",
"matchCriteriaId": "D517250C-921A-494E-9B38-6154732AA2E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:chcnav:p5e_gnss_firmware:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B26293DB-77D5-4417-B72C-6EEDFE6151D5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:chcnav:p5e_gnss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56783F0F-85AA-4B6F-BC24-3F7659A86567"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "cna@cyber.gov.il",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink