Lucene search

TwcertCVELIST:CVE-2022-38122

HistoryNov 10, 2022 - 2:20 a.m.

CVE-2022-38122 POWERCOM CO., LTD. UPSMON PRO - Cleartext Transmission of Sensitive Information

2022-11-1002:20:43

CWE-319

twcert

www.cve.org

cve-2022-38122

powercom co. ltd

upsmon pro

cleartext transmission

sensitive information

http protocol

remote attacker

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

59.1%

JSON

UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.

CNA Affected

[
  {
    "vendor": "POWERCOM CO., LTD.",
    "product": "UPSMON PRO",
    "versions": [
      {
        "version": "2.57",
        "status": "affected"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6681-e9650-1.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

59.1%

JSON

Related for CVELIST:CVE-2022-38122