CVE-2022-22152

EPSS 0.33%
Veröffentlicht 19.01.2022 01:15:08
Zuletzt bearbeitet 21.11.2024 06:46:15
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Contrail Service Orchestration Version <= 6.0.0

Juniper ≫ Contrail Service Orchestration Version6.1.0 Update-

Juniper ≫ Contrail Service Orchestration Version6.1.0 Updatepatch1

Juniper ≫ Contrail Service Orchestration Version6.1.0 Updatepatch2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.525

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
sirt@juniper.net	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://kb.juniper.net/JSA11260

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22152

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22152

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22152

EUVD