Lucene search

K
nvd[email protected]NVD:CVE-2022-44016
HistoryDec 25, 2022 - 5:15 a.m.

CVE-2022-44016

2022-12-2505:15:10
CWE-22
web.nvd.nist.gov
simmeth lieferantenmanager
arbitrary file download
api abuse

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.9%

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an ‘“ImagesPath”:“C:\”’ value.

Affected configurations

NVD
Node
simmethlieferantenmanagerRange<5.6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.9%

Related for NVD:CVE-2022-44016