admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-290xx/CVE-2022-29081.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

357 lines
15 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-29081",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-28T20:15:08.017",
"lastModified": "2022-05-10T12:29:22.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring."
},
{
"lang": "es",
"value": "Zoho ManageEngine Access Manager Plus versiones anteriores a 4302, Password Manager Pro versiones anteriores a 12007 y PAM360 versiones anteriores a 5401 son vulnerables a una omisi\u00f3n del control de acceso en algunas URL de la API Rest (para SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. y Synchronize) por medio de la subcadena ../RestAPI"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.0:build4000:*:*:*:*:*:*",
"matchCriteriaId": "44296707-E77D-492A-BDA5-A8B29498A6A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4100:*:*:*:*:*:*",
"matchCriteriaId": "8B75058A-D530-471C-B02D-F5DCD10BF608"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4101:*:*:*:*:*:*",
"matchCriteriaId": "C75E408E-8CF4-4AB0-8832-3BF0CEA0620F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4200:*:*:*:*:*:*",
"matchCriteriaId": "92B4C025-B3AF-4991-935A-773662F01EA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4201:*:*:*:*:*:*",
"matchCriteriaId": "FB6AB14A-CF17-44A2-A32F-4E1DBBAC8AAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4202:*:*:*:*:*:*",
"matchCriteriaId": "B2793FC1-CA8B-4AC5-B470-4454FB1F1A23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4203:*:*:*:*:*:*",
"matchCriteriaId": "FA799225-17EF-49DE-A5B0-2EABB957CD4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
"matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
"matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.0:build4001:*:*:*:*:*:*",
"matchCriteriaId": "3EE9114D-B6D8-430F-855C-CF1D3AB3157D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.0:build4002:*:*:*:*:*:*",
"matchCriteriaId": "BA3B9724-2C69-49CD-9916-F43B22CB194E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.1:build4100:*:*:*:*:*:*",
"matchCriteriaId": "C0384D4E-26C7-447B-84D3-9E38E7FC7F66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.1:build4101:*:*:*:*:*:*",
"matchCriteriaId": "8CDCC599-19C7-4AA7-84BB-2120EDC9FCBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.5:build4500:*:*:*:*:*:*",
"matchCriteriaId": "1545BCA4-88C9-4D0D-82E5-DB3D9F21601F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.5:build4501:*:*:*:*:*:*",
"matchCriteriaId": "02A19736-57EC-454C-8838-E0A9752DD468"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5000:*:*:*:*:*:*",
"matchCriteriaId": "22E8183E-8ACC-40C6-8EF3-253E4A2E63FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5001:*:*:*:*:*:*",
"matchCriteriaId": "C4532F06-14BF-4EC5-9A7E-AD934FE69ABF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5002:*:*:*:*:*:*",
"matchCriteriaId": "D951BC8D-AF9A-4F2A-A801-3A5EDAB1A5E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5003:*:*:*:*:*:*",
"matchCriteriaId": "3AE0A2E4-71A2-447F-9496-D1B9D1D748A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5004:*:*:*:*:*:*",
"matchCriteriaId": "BADE0425-A94E-4621-BF9D-F3A1219C4D57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.1:build5100:*:*:*:*:*:*",
"matchCriteriaId": "331DB356-27EA-4DF8-8A29-C9C8E75E4EDA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.2:build5200:*:*:*:*:*:*",
"matchCriteriaId": "2C655F9A-C769-413E-9211-E89BADE1A509"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5300:*:*:*:*:*:*",
"matchCriteriaId": "11523C00-D2EE-4E2D-AFF9-546C77A29CE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5301:*:*:*:*:*:*",
"matchCriteriaId": "F72FB8EA-A643-4295-92F3-4F64C31820D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5302:*:*:*:*:*:*",
"matchCriteriaId": "6A20B1E4-F212-4771-8774-DA8085B35829"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.4:build5400:*:*:*:*:*:*",
"matchCriteriaId": "131FFFF9-79B7-42C7-BECC-397C6AC1C418"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10103:*:*:*:*:*:*",
"matchCriteriaId": "E4DA1517-9C49-4E46-9BE4-7B6A9B9CA71D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10104:*:*:*:*:*:*",
"matchCriteriaId": "D56A0C6E-8865-409D-A7F3-600A466CB7F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.2:build10200:*:*:*:*:*:*",
"matchCriteriaId": "92DCA776-14CD-4258-8804-1C531966F8FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10300:*:*:*:*:*:*",
"matchCriteriaId": "38BB8CEB-43AE-43FC-80E9-1FD5D518C822"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10301:*:*:*:*:*:*",
"matchCriteriaId": "A5DBA962-E485-47FB-8C06-B74B28417E87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10302:*:*:*:*:*:*",
"matchCriteriaId": "E34CD968-6820-4D24-A792-F272E4A582BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10400:*:*:*:*:*:*",
"matchCriteriaId": "EBE9858E-817C-4E40-B880-4B466272FD87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10401:*:*:*:*:*:*",
"matchCriteriaId": "5B94A45F-595F-4F2A-83C9-501DDFDF1DC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10402:*:*:*:*:*:*",
"matchCriteriaId": "EA1DD26C-22D3-45F4-B877-605B56379A0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:11104:*:*:*:*:*:*",
"matchCriteriaId": "550C1332-D1DC-4709-9F87-1A7F4EE08EEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11101:*:*:*:*:*:*",
"matchCriteriaId": "564A39DB-D202-4223-97E9-E6378CE69013"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11102:*:*:*:*:*:*",
"matchCriteriaId": "8C7BA06B-AA80-4276-912F-FF6BFE252E23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11103:*:*:*:*:*:*",
"matchCriteriaId": "6BCAD9CA-5C31-442D-9E50-D2B992907362"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.2:11200:*:*:*:*:*:*",
"matchCriteriaId": "F6A23F6F-439A-449D-A309-9F7EBC1A897B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.2:11201:*:*:*:*:*:*",
"matchCriteriaId": "47DF2D41-4BD1-4FC7-A4DB-BC75E41460CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.3:build11300:*:*:*:*:*:*",
"matchCriteriaId": "1AC71CFB-5AF2-4C0F-8C92-01C883BE271F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.3:build11301:*:*:*:*:*:*",
"matchCriteriaId": "B1203498-41EA-43C9-9F6A-63BBD6955C83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12000:*:*:*:*:*:*",
"matchCriteriaId": "5B722DB9-4258-4994-B498-0A4E1D3B3F8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12001:*:*:*:*:*:*",
"matchCriteriaId": "2C9E0BBA-DCC1-47A6-A329-2E7D363F840C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12002:*:*:*:*:*:*",
"matchCriteriaId": "D8011EC7-EEAE-4F0E-AD76-EE2C9F8BF807"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12003:*:*:*:*:*:*",
"matchCriteriaId": "5404C39E-BD07-40AF-9467-10F4D0CB5F14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12004:*:*:*:*:*:*",
"matchCriteriaId": "C4D42670-966F-445D-A2E3-0E728B287FCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12005:*:*:*:*:*:*",
"matchCriteriaId": "3C6F70E1-5B52-457C-A321-F11EC1075E6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12006:*:*:*:*:*:*",
"matchCriteriaId": "122B23D8-973E-40E6-85B1-E5107DA0F088"
}
]
}
]
}
],
"references": [
{
"url": "https://www.manageengine.com/privileged-session-management/advisory/cve-2022-29081.html",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.tenable.com/security/research/tra-2022-14",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink