Lucene search

MitreCVE-2022-42175

HistoryJul 05, 2023 - 3:15 a.m.

CVE-2022-42175

2023-07-0503:15:09

CWE-639

mitre

web.nvd.nist.gov

cve-2022-42175

insecure direct object reference

whmcs

solusvm

vulnerability

authorization

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.003

Percentile

68.0%

JSON

Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.

Affected configurations

Nvd

Node

soluslabssolusvmMatch4.1.2

VendorProductVersionCPE
soluslabssolusvm4.1.2cpe:2.3:a:soluslabs:solusvm:4.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
soluslabs	solusvm	4.1.2	cpe:2.3:a:soluslabs:solusvm:4.1.2:::::::*

References

soluslabs.com

solusvm.com

gist.github.com/mr404ntf/9c8728ee8f35d9744feec3828df1085d

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.003

Percentile

68.0%

JSON

Related for CVE-2022-42175