9.1

CVE-2022-47411

EPSS 0.23%
Veröffentlicht 14.12.2022 21:15:14
Zuletzt bearbeitet 21.04.2025 19:15:18
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fp Newsletter Project ≫ Fp Newsletter SwPlatformtypo3 Version < 1.1.1

Fp Newsletter Project ≫ Fp Newsletter SwPlatformtypo3 Version >= 2.0.0 < 2.1.2

Fp Newsletter Project ≫ Fp Newsletter SwPlatformtypo3 Version >= 2.2.1 <= 2.4.0

Fp Newsletter Project ≫ Fp Newsletter SwPlatformtypo3 Version >= 3.0.0 < 3.2.6

Fp Newsletter Project ≫ Fp Newsletter Version1.2.0 SwPlatformtypo3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.459

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve@mitre.org	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://typo3.org/security/advisory/typo3-ext-sa-2022-017

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-47411

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-47411

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-47411

EUVD