CVE-2022-33739

EPSS 0.34%
Veröffentlicht 16.06.2022 22:15:08
Zuletzt bearbeitet 21.11.2024 07:08:26
Quelle vuln@ca.com
Teams Watchlist Login
Unerledigt Login

CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Broadcom ≫ Ca Clarity Version <= 15.8

Broadcom ≫ Ca Clarity Version15.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.559

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-33739

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-33739

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-33739

EUVD