Lucene search

MitreCVELIST:CVE-2022-45165

HistoryJan 10, 2023 - 12:00 a.m.

CVE-2022-45165

2023-01-1000:00:00

mitre

www.cve.org

cve-2022-45165

archibus web central

sql injection

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

36.9%

JSON

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.

References

excellium-services.com/cert-xlm-advisory/CVE-2022-45165/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

36.9%

JSON

Related for CVELIST:CVE-2022-45165