exploitDog

CVE-2022-43712

Опубликовано: 26 июл. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965.

Ссылки

https://service.gxsoftware.com/hc/en-us/articles/4717373636381-Vulnerability-in-Spring-core-Spring4Shell-
Vendor Advisory
https://service.gxsoftware.com/hc/nl/articles/12208173122461
Vendor Advisory
https://service.gxsoftware.com/hc/en-us/articles/4717373636381-Vulnerability-in-Spring-core-Spring4Shell-
Vendor Advisory
https://service.gxsoftware.com/hc/nl/articles/12208173122461
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gxsoftware:xperiencentral:*:*:*:*:*:*:*:*

Версия до 10.36.0 (включая)

EPSS

Процентиль: 13%

0.00043

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-mw64-5p9w-rfgc

CVSS3: 6.5

github

больше 2 лет назад

POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965.

EPSS

Процентиль: 13%

0.00043

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862