CVE-2022-23862

Exploit

EPSS 0.16%
Veröffentlicht 22.10.2024 16:15:05
Zuletzt bearbeitet 30.10.2024 21:21:09
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ysoft ≫ Safeq Version6.0 Updatebuild53

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.371

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://ysoft.com

Product

https://github.com/mbadanoiu/CVE-2022-23862

Third Party Advisory

Exploit

https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-23862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23862

EUVD