CVE-2022-39069

{"id": "CVE-2022-39069", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-11-08T18:15:11.343", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026604", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en ZTE ZAIP-AIE. Debido a la falta de verificaci\u00f3n de entrada por parte del servidor, un atacante podr\u00eda desencadenar un ataque mediante la creaci\u00f3n de solicitudes maliciosas. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda provocar la filtraci\u00f3n del contenido de la tabla actual."}], "lastModified": "2022-11-09T16:44:17.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zte:zaip-aie:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B78BD20F-5F58-443A-A364-E2C6C2A0D4A8", "versionEndExcluding": "8.22.02"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@zte.com.cn"}