Lucene search

CertccCVE-2022-40238

HistoryOct 26, 2022 - 4:15 p.m.

CVE-2022-40238

2022-10-2616:15:11

CWE-502

certcc

web.nvd.nist.gov

cve-2022-40238

remote code injection

cert software

vulnerability

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

51.7%

JSON

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user’s profile. This can lead to code execution on the server when the user’s profile is accessed.

Affected configurations

Nvd

Node

certvinceRange<1.50.5

VendorProductVersionCPE
certvince*cpe:2.3:a:cert:vince:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cert	vince	*	cpe:2.3:a:cert:vince::::::::

CNA Affected

[
  {
    "versions": [
      {
        "version": "1.48.0",
        "status": "affected",
        "lessThan": "1.50.5",
        "versionType": "custom"
      }
    ],
    "product": "VINCE - The Vulnerability Information and Coordination Environment",
    "vendor": "CERT/CC"
  }
]

References

github.com/CERTCC/VINCE/issues?q=label%3Asecurity

Social References

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

51.7%

JSON

Related for CVE-2022-40238