Lucene search

[email protected]NVD:CVE-2022-29950

HistoryMay 04, 2022 - 3:15 p.m.

CVE-2022-29950

2022-05-0415:15:13

[email protected]

web.nvd.nist.gov

experian hunter

remote modification

authenticated users

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

39.5%

JSON

Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed

Affected configurations

Nvd

Node

experianhunterMatch1.16

VendorProductVersionCPE
experianhunter1.16cpe:2.3:a:experian:hunter:1.16:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
experian	hunter	1.16	cpe:2.3:a:experian:hunter:1.16:::::::*

References

gist.github.com/Voidager88/73c2d512a72cceb0ef84dbf87a497d10

www.experian.in/hunter

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

39.5%

JSON

Related for NVD:CVE-2022-29950

cve1 prion1 cvelist1