CVE-2022-23320

Опубликовано: 07 фев. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.

Ссылки

http://xmpie.com
Vendor Advisory
https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29
Third Party Advisory
https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/
Exploit
Third Party Advisory
https://www.xmpie.com/ustore-release-notes/
Release Notes
Vendor Advisory
http://xmpie.com
Vendor Advisory
https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29
Third Party Advisory
https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/
Exploit
Third Party Advisory
https://www.xmpie.com/ustore-release-notes/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xerox:xmpie_ustore:12.3.7244.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00301

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-rfw3-r3r8-3gqr