Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-45338
HistoryDec 15, 2022 - 11:15 p.m.

CVE-2022-45338

2022-12-1523:15:10
CWE-434
[email protected]
web.nvd.nist.gov
arbitrary file upload
exact synergy enterprise
code execution
svg file

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.1%

JSON

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.

Affected configurations

Nvd
Node
exactsoftwareexact_synergyMatch267-enterprise
OR
exactsoftwareexact_synergyMatch267sp1enterprise
OR
exactsoftwareexact_synergyMatch267sp10enterprise
OR
exactsoftwareexact_synergyMatch267sp11enterprise
OR
exactsoftwareexact_synergyMatch267sp12enterprise
OR
exactsoftwareexact_synergyMatch267sp2enterprise
OR
exactsoftwareexact_synergyMatch267sp3enterprise
OR
exactsoftwareexact_synergyMatch267sp4enterprise
OR
exactsoftwareexact_synergyMatch267sp5enterprise
OR
exactsoftwareexact_synergyMatch267sp6enterprise
OR
exactsoftwareexact_synergyMatch267sp7enterprise
OR
exactsoftwareexact_synergyMatch267sp8enterprise
OR
exactsoftwareexact_synergyMatch267sp9enterprise
OR
exactsoftwareexact_synergyMatch500-enterprise
OR
exactsoftwareexact_synergyMatch500sp1enterprise
OR
exactsoftwareexact_synergyMatch500sp2enterprise
OR
exactsoftwareexact_synergyMatch500sp3enterprise
OR
exactsoftwareexact_synergyMatch500sp4enterprise
OR
exactsoftwareexact_synergyMatch500sp5enterprise
VendorProductVersionCPE
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:-:*:*:enterprise:*:*:*
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:sp1:*:*:enterprise:*:*:*
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:sp10:*:*:enterprise:*:*:*
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:sp11:*:*:enterprise:*:*:*
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:sp12:*:*:enterprise:*:*:*
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:sp2:*:*:enterprise:*:*:*
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:sp3:*:*:enterprise:*:*:*
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:sp4:*:*:enterprise:*:*:*
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:sp5:*:*:enterprise:*:*:*
exactsoftwareexact_synergy267cpe:2.3:a:exactsoftware:exact_synergy:267:sp6:*:*:enterprise:*:*:*
Rows per page:
1-10 of 191

Related

prion 1
cve 1
cvelist 1
prion
prion
Design/Logic Flaw
2022-12-15 23:15:00
cve
cve
CVE-2022-45338
2022-12-15 23:15:10
cvelist
cvelist
CVE-2022-45338
2022-12-15 00:00:00

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.1%

JSON
Related for NVD:CVE-2022-45338
prion1cve1cvelist1