Lucene search
MitreCVE-2022-45891HistoryDec 25, 2022 - 4:15 a.m.
CVE-2022-45891
2022-12-2504:15:08
CWE-863
mitre
web.nvd.nist.gov
25
cve-2022-45891
planet estream
unauthenticated uploads
access control
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
9.3
Confidence
High
EPSS
0.002
Percentile
64.6%
Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList).
Affected configurations
Node
planetestreamplanet_estreamRange<6.72.10.07
| Vendor | Product | Version | CPE |
|---|---|---|---|
| planetestream | planet_estream | * | cpe:2.3:a:planetestream:planet_estream:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-45891
2022-12-25 00:00:00
prion
prion
Authentication flaw
2022-12-25 04:15:00
nvd
nvd
CVE-2022-45891
2022-12-25 04:15:08
zdt
zdt
packetstorm
packetstorm
Planet eStream Code Execution / SQL Injection / XSS / Broken Control
2022-12-09 00:00:00
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
9.3
Confidence
High
EPSS
0.002
Percentile
64.6%
Related for CVE-2022-45891