admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-445xx/CVE-2022-44532.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

130 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-44532",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2022-12-12T13:15:15.083",
"lastModified": "2024-11-21T07:28:05.340",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal autenticada en la interfaz de l\u00ednea de comandos de Aruba EdgeConnect Enterprise. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de leer archivos arbitrarios en el sistema operativo subyacente, incluidos archivos confidenciales del sistema en las versiones del software Aruba EdgeConnect Enterprise: ECOS 9.2.1.0 y anteriores; ECOS 9.1.3.0 y anteriores; ECOS 9.0.7.0 y anteriores; ECOS 8.3.7.1 y anteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.3.1.0",
"versionEndIncluding": "8.3.7.1",
"matchCriteriaId": "ACE3C2AB-608D-4C00-93F8-AF4457C26713"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0.0",
"versionEndIncluding": "9.0.7.0",
"matchCriteriaId": "D23ED477-4291-450A-B659-5356C3AC1421"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0.0",
"versionEndIncluding": "9.1.3.0",
"matchCriteriaId": "12DC6F5A-1BA1-49A2-8559-02E30ACE3275"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0.0",
"versionEndIncluding": "9.2.1.0",
"matchCriteriaId": "E209A005-6EEE-4DE0-AB88-DC5990DE926D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt",
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink