CVE-2022-22792

EPSS 0.58%
Veröffentlicht 16.02.2022 17:15:11
Zuletzt bearbeitet 21.11.2024 06:47:27
Quelle cna@cyber.gov.il
CVE-Watchlists
Login
Unerledigt
Login

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mobisoft - Mobiplus Project ≫ Mobisoft - Mobiplus Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.432

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
cna@cyber.gov.il	6.6	1.8	4.7	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

CWE-233 Improper Handling of Parameters

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

https://www.gov.il/en/departments/faq/cve_advisories

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2022-22792

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22792

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22792

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-22792