Lucene search

[email protected]NVD:CVE-2022-32555

HistorySep 13, 2022 - 8:15 p.m.

CVE-2022-32555

2022-09-1320:15:09

CWE-352

[email protected]

web.nvd.nist.gov

unisys

csrf

authentication

post request

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.8%

JSON

Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn’t have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur.

Affected configurations

Nvd

Node

unisysdata_exchange_management_studioMatch6.0.ic1

unisysdata_exchange_management_studioMatch7.0

VendorProductVersionCPE
unisysdata_exchange_management_studio6.0.ic1cpe:2.3:a:unisys:data_exchange_management_studio:6.0.ic1:*:*:*:*:*:*:*
unisysdata_exchange_management_studio7.0cpe:2.3:a:unisys:data_exchange_management_studio:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
unisys	data_exchange_management_studio	6.0.ic1	cpe:2.3:a:unisys:data_exchange_management_studio:6.0.ic1:::::::*
unisys	data_exchange_management_studio	7.0	cpe:2.3:a:unisys:data_exchange_management_studio:7.0:::::::*

References

public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=69

unisys.com

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.8%

JSON

Related for NVD:CVE-2022-32555

cve1 prion1 cvelist1