CVE-2022-22834

Exploit

EPSS 4.24%
Veröffentlicht 10.03.2022 17:45:41
Zuletzt bearbeitet 21.11.2024 06:47:32
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Overit ≫ Geocall Version < 8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.24%	0.882

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

https://labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/

Third Party Advisory

Exploit

https://labs.yarix.com/advisories/cve-2022-22834/

Third Party Advisory

https://overit.us/products/geocall/

Vendor Advisory

Product

https://www.overit.ai/product/nextgen-fsm/

https://nvd.nist.gov/vuln/detail/CVE-2022-22834

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22834

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22834

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-22834