Lucene search

[email protected]CVE-2022-37786

HistoryJan 01, 2023 - 8:15 a.m.

CVE-2022-37786

2023-01-0108:15:00

CWE-1236

[email protected]

web.nvd.nist.gov

wecube

platform

3.2.2

csv injection

vulnerability

nvd

cve-2022-37786

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

32.3%

JSON

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.

CPENameOperatorVersion
wecube-platform_project:wecube-platformwecube-platform project wecube-platformeq3.2.2

CPE	Name	Operator	Version
wecube-platform_project:wecube-platform	wecube-platform project wecube-platform	eq	3.2.2

References

github.com/WeBankPartners/wecube-platform

github.com/WeBankPartners/wecube-platform/issues/2327

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for CVE-2022-37786

prion1 osv1 qualysblog1