mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-31 02:31:22 +00:00
107 lines
3.6 KiB
JSON
107 lines
3.6 KiB
JSON
{
|
|
"id": "CVE-2022-35902",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2022-07-15T23:15:08.430",
|
|
"lastModified": "2022-07-21T14:42:07.303",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an OBJ file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of OBJ files could enable an attacker to read information in the context of the current process."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha detectado un problema en Bentley MicroStation versiones anteriores a 10.17.0.x y en Bentley View versiones anteriores a 10.17.0.x. El uso de una versi\u00f3n afectada de MicroStation o de una aplicaci\u00f3n basada en MicroStation para abrir un archivo OBJ que contenga datos dise\u00f1ados puede forzar una lectura fuera de l\u00edmites. Una explotaci\u00f3n de estas vulnerabilidades en el an\u00e1lisis de archivos OBJ podr\u00eda permitir a un atacante leer informaci\u00f3n en el contexto del proceso actual"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.3,
|
|
"baseSeverity": "LOW"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 1.4
|
|
},
|
|
{
|
|
"source": "cve@mitre.org",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.3,
|
|
"baseSeverity": "LOW"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 1.4
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-125"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bentley:microstation:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "10.17.0",
|
|
"matchCriteriaId": "2FBF5B77-F4D2-4334-87B5-8AAE19633943"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bentley:view:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "10.17.0",
|
|
"matchCriteriaId": "6E9FC567-F77F-405F-8680-441DF4D898D6"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0016",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |