CVE-2022-38123

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.secomea.com/support/cybersecurity-advisory/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:50

Type	Values Removed	Values Added
Summary	Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.	Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.

Information

Published : 2022-12-06 16:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-38123

Mitre link : CVE-2022-38123

CVE.ORG link : CVE-2022-38123

JSON object : View

Products Affected

secomea

gatemanager

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2022-38123", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "VulnerabilityReporting@secomea.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.3}]}, "published": "2022-12-06T16:15:10.567", "references": [{"url": "https://www.secomea.com/support/cybersecurity-advisory/", "tags": ["Vendor Advisory"], "source": "VulnerabilityReporting@secomea.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "VulnerabilityReporting@secomea.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface.\n\nThis issue affects:\n\nSecomea GateManager\n\nversions prior to 10.0.\n\n\n\n"}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta de archivos de complemento en la interfaz de administrador de Secomea GateManager permite al administrador del servidor inyectar c\u00f3digo en la interfaz de GateManager. Este problema afecta a: Versiones de Secomea GateManager anteriores a la 10.0."}], "lastModified": "2023-11-07T03:50:03.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B231401-38C1-4714-90B9-2F7044AEE042", "versionEndExcluding": "10.0.622395010"}], "operator": "OR"}]}], "sourceIdentifier": "VulnerabilityReporting@secomea.com"}