CVE-2022-39289
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
30.1%
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zoneminder | zoneminder | * | cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* |
| zoneminder | zoneminder | * | cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "ZoneMinder",
"product": "zoneminder",
"versions": [
{
"version": "< 1.36.27",
"status": "affected"
},
{
"version": ">= 1.37.0, < 1.37.24",
"status": "affected"
}
]
}
]References
Social References
More
Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
30.1%