Lucene search

ARTICACVELIST:CVE-2022-0507

HistoryMar 09, 2022 - 3:09 p.m.

CVE-2022-0507 Vulnerability: Authenticated SQL Injection in API

2022-03-0915:09:18

CWE-89

ARTICA

www.cve.org

vulnerability

authenticated

sql injection

pandora api

attack

version range

oum 759

CVSS3

5.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

55.2%

JSON

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.

CNA Affected

[
  {
    "product": "Pandora FMS",
    "vendor": "Artica PFMS",
    "versions": [
      {
        "lessThan": "v759",
        "status": "affected",
        "version": "v759",
        "versionType": "custom"
      }
    ]
  }
]

References

khoori.org/posts/cve-2022-0507/

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

www.incibe.es/en/cve-assignment-publication/coordinated-cves

CVSS3

5.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

55.2%

JSON

Related for CVELIST:CVE-2022-0507