Lucene search

[email protected]CVE-2022-38613

HistorySep 09, 2022 - 4:15 p.m.

CVE-2022-38613

2022-09-0916:15:09

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-38613

path traversal

smartvista cardgen

authentication

file read

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.9%

JSON

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.

Affected configurations

NVD

Node

bpcbtsmartvista_cardgenMatch3.28.0

CPENameOperatorVersion
bpcbt:smartvista_cardgenbpcbt smartvista cardgeneq3.28.0

CPE	Name	Operator	Version
bpcbt:smartvista_cardgen	bpcbt smartvista cardgen	eq	3.28.0

References

bpcbt.com

smartvista.com

tf1t.gitbook.io/mycve/smartvista/smartvista-cardgen/path-traversal-in-smartvista-cardgen-version-3.28.0-cve-2022-38613

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.9%

JSON

Related for CVE-2022-38613

cvelist1 nvd1 prion1