nvd-json-data-feeds/CVE-2022/CVE-2022-428xx/CVE-2022-42894.json

{
  "id": "CVE-2022-42894",
  "sourceIdentifier": "productcert@siemens.com",
  "published": "2022-11-17T17:15:13.433",
  "lastModified": "2022-11-21T17:53:20.080",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en syngo Dynamics (todas las versiones &lt; VA40G HF01). Se identific\u00f3 una vulnerabilidad de falsificaci\u00f3n de solicitudes del lado del servidor (SSRF) no autenticada en uno de los servicios web expuestos en la aplicaci\u00f3n syngo Dynamics que podr\u00eda permitir la filtraci\u00f3n de credenciales NTLM, as\u00ed como la enumeraci\u00f3n de servicios locales."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ]
    },
    {
      "source": "productcert@siemens.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:siemens:syngo_dynamics_cardiovascular_imaging_and_information_system:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "va40g_hf01",
              "matchCriteriaId": "B2F3FBF4-8431-4C9D-8173-CA6DEC1104F0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697",
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}