Lucene search

TwcertCVELIST:CVE-2022-25594

HistoryApr 07, 2022 - 6:22 p.m.

CVE-2022-25594 Microprogram parking lot management system - Exposure of Sensitive Information to an Unauthorized Actor

2022-04-0718:22:31

CWE-200

twcert

www.cve.org

cve-2022-25594

microprogram

parking lot management

sensitive information

unauthorized actor

remote attacker

system configuration

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information.

CNA Affected

[
  {
    "product": "parking lot management system",
    "vendor": "Microprogram",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.9.0518.11"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5973-6b449-1.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

Related for CVELIST:CVE-2022-25594