Lucene search

[email protected]CVE-2022-40238

HistoryOct 26, 2022 - 4:15 p.m.

CVE-2022-40238

2022-10-2616:15:11

CWE-502

[email protected]

web.nvd.nist.gov

cve-2022-40238

remote code injection

cert software

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user’s profile. This can lead to code execution on the server when the user’s profile is accessed.

Affected configurations

NVD

Node

certvinceRange<1.50.5

CPENameOperatorVersion
cert:vincecert vincelt1.50.5

CPE	Name	Operator	Version
cert:vince	cert vince	lt	1.50.5

CNA Affected

[
  {
    "versions": [
      {
        "version": "1.48.0",
        "status": "affected",
        "lessThan": "1.50.5",
        "versionType": "custom"
      }
    ],
    "product": "VINCE - The Vulnerability Information and Coordination Environment",
    "vendor": "CERT/CC"
  }
]

References

github.com/CERTCC/VINCE/issues?q=label%3Asecurity

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for CVE-2022-40238

osv1 nvd1 cvelist1 prion1