Lucene search
CrafterCVELIST:CVE-2022-40635HistorySep 13, 2022 - 6:25 p.m.
CVE-2022-40635 Improper Control of Dynamically-Managed Code Resources in Crafter Studio
2022-09-1318:25:10
CWE-913
crafter
www.cve.org
2
crafter studio
control
dynamically-managed
code resources
os commands
groovy sandbox bypass
crafter cms
vulnerability
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.8%
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
CNA Affected
[
{
"product": "Crafter CMS",
"vendor": "Crafter Software",
"versions": [
{
"lessThanOrEqual": "3.1.22",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2022-40635
2022-09-13 19:15:13
CrafterCMS OS Command Injection vulnerability
2022-09-14 00:00:45
prion
prion
Design/Logic Flaw
2022-09-13 19:15:00
github
github
CrafterCMS OS Command Injection vulnerability
2022-09-14 00:00:45
nvd
nvd
CVE-2022-40635
2022-09-13 19:15:13
cve
cve
CVE-2022-40635
2022-09-13 19:15:13
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.8%
Related for CVELIST:CVE-2022-40635