CVE-2022-22798

EPSS 0.11%
Veröffentlicht 12.05.2022 20:15:14
Zuletzt bearbeitet 21.11.2024 06:47:28
Quelle cna@cyber.gov.il
CVE-Watchlists
Login
Unerledigt
Login

Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sysaid ≫ Sysaid SwEditioncloud Version < 21.1.50

Sysaid ≫ Sysaid SwEditionon-premises Version < 22.1.64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.286

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
cna@cyber.gov.il	6.8	1.3	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.gov.il/en/departments/faq/cve_advisories

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22798

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22798

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22798

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-22798