Lucene search

[email protected]NVD:CVE-2022-38118

HistoryAug 30, 2022 - 5:15 a.m.

CVE-2022-38118

2022-08-3005:15:08

CWE-89

[email protected]

web.nvd.nist.gov

oaklouds

portal

meeting room

sql-injection

remote attacker

user privilege

database

system operations

service disruption

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.7%

JSON

OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.

Affected configurations

NVD

Node

hgigaoaklouds_portalRange2.0–2.0-163

hgigaoaklouds_portalRange3.0–3.0-163

References

www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87

www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for NVD:CVE-2022-38118

prion1 cve1 cvelist1