Lucene search

[email protected]CVE-2022-37786

HistoryJan 01, 2023 - 8:15 a.m.

CVE-2022-37786

2023-01-0108:15:10

CWE-1236

[email protected]

web.nvd.nist.gov

wecube

platform

3.2.2

csv injection

vulnerability

nvd

cve-2022-37786

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.2%

JSON

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.

Affected configurations

NVD

Node

wecube-platform_projectwecube-platformMatch3.2.2

CPENameOperatorVersion
wecube-platform_project:wecube-platformwecube-platform project wecube-platformeq3.2.2

CPE	Name	Operator	Version
wecube-platform_project:wecube-platform	wecube-platform project wecube-platform	eq	3.2.2

References

github.com/WeBankPartners/wecube-platform

github.com/WeBankPartners/wecube-platform/issues/2327