Lucene search

[email protected]CVE-2022-36542

HistoryAug 26, 2022 - 9:15 p.m.

CVE-2022-36542

2022-08-2621:15:08

[email protected]

web.nvd.nist.gov

cve-2022-36542

access control

edoc

doctor appointment system

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.0%

JSON

An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data.

Affected configurations

NVD

Node

edoc-doctor-appointment-system_projectedoc-doctor-appointment-systemMatch1.0.1

CPENameOperatorVersion
edoc-doctor-appointment-system_project:edoc-doctor-appointment-systemedoc-doctor-appointment-system project edoc-doctor-appointment-systemeq1.0.1

CPE	Name	Operator	Version
edoc-doctor-appointment-system_project:edoc-doctor-appointment-system	edoc-doctor-appointment-system project edoc-doctor-appointment-system	eq	1.0.1

References

github.com/HashenUdara/edoc-doctor-appointment-system

github.com/onEpAth936/cve/blob/master/bug_e/edoc-doctor-appointment-system

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.0%

JSON

Related for CVE-2022-36542

cvelist1 nvd1 prion1