Lucene search

[email protected]NVD:CVE-2022-26976

HistoryJun 02, 2022 - 2:15 p.m.

CVE-2022-26976

2022-06-0214:15:42

CWE-79

[email protected]

web.nvd.nist.gov

barco

control room management

license file

upload mechanism

reflected xss

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.

Affected configurations

Nvd

Node

barcocontrol_room_management_suiteRange<3.14.1

VendorProductVersionCPE
barcocontrol_room_management_suite*cpe:2.3:a:barco:control_room_management_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barco	control_room_management_suite	*	cpe:2.3:a:barco:control_room_management_suite::::::::

References

www.barco.com/en/support/knowledge-base/KB12682

www.barco.com/en/support/transform-n-management-server

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2022-26976

cnvd1 prion1 cvelist1 cve1