CVE-2022-47544

An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed.

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

References

Link	Resource
https://docs.support.siren.io/siren-platform-user-guide/12.1/release-notes.html	Release Notes Vendor Advisory
https://docs.support.siren.io/siren-platform-user-guide/13.0/release-notes.html	Release Notes Vendor Advisory
https://docs.support.siren.io/siren-platform-user-guide/12.1/release-notes.html	Release Notes Vendor Advisory
https://docs.support.siren.io/siren-platform-user-guide/13.0/release-notes.html	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siren:investigate:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:32

Type	Values Removed	Values Added
References	~~() https://docs.support.siren.io/siren-platform-user-guide/12.1/release-notes.html - Release Notes, Vendor Advisory~~	() https://docs.support.siren.io/siren-platform-user-guide/12.1/release-notes.html - Release Notes, Vendor Advisory
References	~~() https://docs.support.siren.io/siren-platform-user-guide/13.0/release-notes.html - Release Notes, Vendor Advisory~~	() https://docs.support.siren.io/siren-platform-user-guide/13.0/release-notes.html - Release Notes, Vendor Advisory
Summary		(es) Se descubrió un problema en Siren Investigate antes de la versión 12.1.7. La lista blanca de variables de script no está suficientemente protegida.

Information

Published : 2023-01-05 21:15

Updated : 2024-11-21 07:32

NVD link : CVE-2022-47544

Mitre link : CVE-2022-47544

CVE.ORG link : CVE-2022-47544

JSON object : View

Products Affected

siren

CWE

NVD-CWE-noinfo