admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-257xx/CVE-2022-25787.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

231 lines
6.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-25787",
"sourceIdentifier": "VulnerabilityReporting@secomea.com",
"published": "2022-05-04T14:15:08.583",
"lastModified": "2022-05-11T19:05:33.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7."
},
{
"lang": "es",
"value": "Una Exposici\u00f3n de Informaci\u00f3n Mediante Cadenas de Consulta en la Petici\u00f3n GET es una vulnerabilidad en la API LMM de Secomea GateManager que permite al administrador del sistema secuestrar la conexi\u00f3n. Este problema afecta a: Secomea GateManager todas las versiones anteriores a 9.7"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-598"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.7.622134021",
"matchCriteriaId": "D3F34FFF-867B-40A3-9163-E0045B2EE092"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB6136A-5440-4980-940D-CD178DC219B8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.7.622134021",
"matchCriteriaId": "106CA21E-663A-4F1D-80AB-47BFC2EF6DBA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B546E62-81BB-4ED8-87C9-41BD79484AD0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.7.622134021",
"matchCriteriaId": "E7EC4241-4AAA-4B94-A024-2533B114723A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5089C475-2013-4DF6-AD1E-12F576ACAE8E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.7.622134021",
"matchCriteriaId": "A93F1AC2-ADD9-43C1-999F-E27FC588411F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68DE2092-2EA1-4D49-84EB-20BE2CD7B113"
}
]
}
]
}
],
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/",
"source": "VulnerabilityReporting@secomea.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink