CVE-2022-34659

{"id": "CVE-2022-34659", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-08-10T12:15:12.143", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-555707.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Simcenter STAR-CCM+ (Todas las versiones s\u00f3lo si es usado el servidor de licencias p\u00fablicas Power-on-Demand). Las aplicaciones afectadas exponen el usuario, el host y el nombre de pantalla de los usuarios, cuando se usa el servidor p\u00fablico de licencias. Esto podr\u00eda permitir a un atacante recuperar esta informaci\u00f3n"}], "lastModified": "2022-08-16T15:58:26.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simcenter_star-ccm\\+_viewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C21E9FD-B467-43FF-8ECE-DDA5FC3521D4"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}