CVE-2022-46365

EPSS 0.04%
Published 01.05.2023 15:15:09
Last modified 21.11.2024 07:30:28
Source security@apache.org
Teams watchlist Login
Open Login

Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Streampark Version >= 1.0.0 < 2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.111

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread/f68lcwrp8pcdc4yrbpcm8j7m0f5mjn7h

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-46365

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-46365

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-46365

EUVD