Lucene search
HistoryDec 25, 2022 - 5:15 a.m.
CVE-2022-44013
cve-2022-44013
simmeth lieferantenmanager
authentication bypass
api security
credential object
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.0%
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.
Affected configurations
Node
simmethlieferantenmanagerRange<5.6
| CPE | Name | Operator | Version |
|---|---|---|---|
| simmeth:lieferantenmanager | simmeth lieferantenmanager | lt | 5.6 |
Related
nvd
nvd
CVE-2022-44013
2022-12-25 05:15:10
cnvd
cnvd
Simmeth System Supplier Manager Authentication Bypass Vulnerability
2022-11-21 00:00:00
prion
prion
Authentication flaw
2022-12-25 05:15:00
cvelist
cvelist
CVE-2022-44013
2022-12-25 00:00:00
packetstorm
packetstorm
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
2022-11-15 00:00:00
zdt
zdt
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.0%
Related for CVE-2022-44013