CVE-2022-38123

EPSS 0.75%
Veröffentlicht 06.12.2022 16:15:10
Zuletzt bearbeitet 21.11.2024 07:15:50
Quelle VulnerabilityReporting@secomea
CVE-Watchlists
Login
Unerledigt
Login

Insufficient validation of plugin files

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface.

This issue affects:

Secomea GateManager

versions prior to 10.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Secomea ≫ Gatemanager Version < 10.0.622395010

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.75%	0.5

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
VulnerabilityReporting@secomea.com	8.7	2.3	5.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.secomea.com/support/cybersecurity-advisory/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-38123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38123

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-38123