CVE-2022-36243

{"id": "CVE-2022-36243", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-05-30T20:15:09.587", "references": [{"url": "https://www.shopbeat.co.za", "tags": ["Product"], "source": "support@shopbeat.co.za"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "support@shopbeat.co.za", "description": [{"lang": "en", "value": "CWE-548"}]}], "descriptions": [{"lang": "en", "value": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm."}], "lastModified": "2023-06-02T19:44:29.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*", "vulnerable": true, "matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E", "versionEndExcluding": "3.2.57", "versionStartIncluding": "2.5.95"}], "operator": "OR"}]}], "sourceIdentifier": "support@shopbeat.co.za"}