Lucene search

[email protected]NVD:CVE-2022-34549

HistoryJul 27, 2022 - 2:15 p.m.

CVE-2022-34549

2022-07-2714:15:08

CWE-434

[email protected]

web.nvd.nist.gov

sims v1.0

arbitrary file upload

uploadservlet

escalate privileges

execute commands

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.0%

JSON

Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file.

Affected configurations

Nvd

Node

sims_projectsimsMatch1.0

VendorProductVersionCPE
sims_projectsims1.0cpe:2.3:a:sims_project:sims:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sims_project	sims	1.0	cpe:2.3:a:sims_project:sims:1.0:::::::*

References

cwe.mitre.org/data/definitions/434.html

github.com/rawchen/sims/issues/6

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.0%

JSON

Related for NVD:CVE-2022-34549

prion1 cvelist1 cve1