Lucene search

[email protected]CVE-2022-39031

HistorySep 28, 2022 - 4:15 a.m.

CVE-2022-39031

2022-09-2804:15:14

CWE-200

CWE-863

[email protected]

web.nvd.nist.gov

cve-2022-39031

smart evision

insufficient authorization

task acquisition

remote attacker

vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only.

Affected configurations

NVD

Node

lcnetsmart_evisionMatch2022.02.21

VendorProductVersionCPE
lcnetsmart_evision2022.02.21cpe:/a:lcnet:smart_evision:2022.02.21:::

Vendor	Product	Version	CPE
lcnet	smart_evision	2022.02.21	cpe:/a:lcnet:smart_evision:2022.02.21:::

CNA Affected

[
  {
    "product": "Smart eVision",
    "vendor": "Smart eVision Information Technology Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "2022.02.21"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6568-331c1-1.html

Social References

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

Related for CVE-2022-39031

nvd1 cvelist1 prion1