Lucene search

[email protected]CVE-2022-27247

HistoryMay 13, 2022 - 3:15 p.m.

CVE-2022-27247

2022-05-1315:15:08

CWE-639

[email protected]

web.nvd.nist.gov

cve-2022-27247

onlinetolls

cdsoft

winhotel.mx

nvd

information security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.1%

JSON

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.

Affected configurations

NVD

Node

cdsoftwinhotel.mxMatch2021

CPENameOperatorVersion
cdsoft:winhotel.mxcdsoft winhotel.mxeq2021

CPE	Name	Operator	Version
cdsoft:winhotel.mx	cdsoft winhotel.mx	eq	2021

References

myses.de/#about

myses.de/pdf/CVE2022-27247.pdf

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.1%

JSON

Related for CVE-2022-27247

nvd1 prion1 cvelist1