Search criteria
6 vulnerabilities found for xmpie_ustore by xerox
FKIE_CVE-2022-23321
Vulnerability from fkie_nvd - Published: 2022-02-10 19:15 - Updated: 2024-11-21 06:48
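Severity: 4.8 MEDIUM (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N); 3.5 LOW (CVSS 2.0, AV:N/AC:M/Au:S/C:N/I:P/A:N)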
Summary
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://xmpie.com | Product | |
| cve@mitre.org | https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.xmpie.com/ustore-release-notes/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://xmpie.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.xmpie.com/ustore-release-notes/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xerox | xmpie_ustore | 12.3.7244.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xerox:xmpie_ustore:12.3.7244.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F96804C-0936-4BF6-A196-552B66EE670E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) persistente en dos campos input dentro del panel administrativo cuando son editados usuarios en la aplicaci\u00f3n XMPie UStore en versi\u00f3n 12.3.7244.0"
}
],
"id": "CVE-2022-23321",
"lastModified": "2024-11-21T06:48:24.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-10T19:15:09.803",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://xmpie.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://xmpie.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23320
Vulnerability from fkie_nvd - Published: 2022-02-07 11:15 - Updated: 2024-11-21 06:48
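Severity: 7.5 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N); 5.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)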
Summary
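XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. The NVD record for this CVE scores it as requiring no privileges (PR:N) and classifies it as CWE-287, which treats the shipped default credentials as leaving the administrative report feature effectively unauthenticated. Operators should confirm that the default administrative credentials have been changed.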
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://xmpie.com | Vendor Advisory | |
| cve@mitre.org | https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29 | Third Party Advisory | |
| cve@mitre.org | https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.xmpie.com/ustore-release-notes/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://xmpie.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.xmpie.com/ustore-release-notes/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xerox | xmpie_ustore | 12.3.7244.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xerox:xmpie_ustore:12.3.7244.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F96804C-0936-4BF6-A196-552B66EE670E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database."
},
{
"lang": "es",
"value": "XMPie uStore versi\u00f3n 12.3.7244.0 permite a administradores generar informes basados en consultas SQL sin procesar. Dado que la aplicaci\u00f3n es enviada con credenciales administrativas por defecto, un atacante podr\u00eda autenticarse en la aplicaci\u00f3n y exfiltrar informaci\u00f3n confidencial de la base de datos"
}
],
"id": "CVE-2022-23320",
"lastModified": "2024-11-21T06:48:24.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-07T11:15:07.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://xmpie.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://xmpie.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-23321 (GCVE-0-2022-23321)
Vulnerability from cvelistv5 – Published: 2022-02-10 18:11 – Updated: 2024-08-03 03:36
Summary
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
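| URL | Tags |
|---|---|
| http://xmpie.com | x_refsource_MISC |
| https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ | x_refsource_MISC |
| https://www.xmpie.com/ustore-release-notes/ | x_refsource_MISC |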
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xmpie.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T18:11:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xmpie.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xmpie.com",
"refsource": "MISC",
"url": "http://xmpie.com"
},
{
"name": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/",
"refsource": "MISC",
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"name": "https://www.xmpie.com/ustore-release-notes/",
"refsource": "MISC",
"url": "https://www.xmpie.com/ustore-release-notes/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23321",
"datePublished": "2022-02-10T18:11:16",
"dateReserved": "2022-01-18T00:00:00",
"dateUpdated": "2024-08-03T03:36:20.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23320 (GCVE-0-2022-23320)
Vulnerability from cvelistv5 – Published: 2022-02-07 10:47 – Updated: 2024-08-03 03:36
Summary
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
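| URL | Tags |
|---|---|
| http://xmpie.com | x_refsource_MISC |
| https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ | x_refsource_MISC |
| https://www.xmpie.com/ustore-release-notes/ | x_refsource_MISC |
| https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29 | x_refsource_MISC |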
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xmpie.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T10:47:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xmpie.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xmpie.com",
"refsource": "MISC",
"url": "http://xmpie.com"
},
{
"name": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/",
"refsource": "MISC",
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"name": "https://www.xmpie.com/ustore-release-notes/",
"refsource": "MISC",
"url": "https://www.xmpie.com/ustore-release-notes/"
},
{
"name": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29",
"refsource": "MISC",
"url": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23320",
"datePublished": "2022-02-07T10:47:33",
"dateReserved": "2022-01-18T00:00:00",
"dateUpdated": "2024-08-03T03:36:20.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23321 (GCVE-0-2022-23321)
Vulnerability from nvd – Published: 2022-02-10 18:11 – Updated: 2024-08-03 03:36
Summary
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
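| URL | Tags |
|---|---|
| http://xmpie.com | x_refsource_MISC |
| https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ | x_refsource_MISC |
| https://www.xmpie.com/ustore-release-notes/ | x_refsource_MISC |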
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xmpie.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T18:11:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xmpie.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xmpie.com",
"refsource": "MISC",
"url": "http://xmpie.com"
},
{
"name": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/",
"refsource": "MISC",
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"name": "https://www.xmpie.com/ustore-release-notes/",
"refsource": "MISC",
"url": "https://www.xmpie.com/ustore-release-notes/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23321",
"datePublished": "2022-02-10T18:11:16",
"dateReserved": "2022-01-18T00:00:00",
"dateUpdated": "2024-08-03T03:36:20.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23320 (GCVE-0-2022-23320)
Vulnerability from nvd – Published: 2022-02-07 10:47 – Updated: 2024-08-03 03:36
Summary
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
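| URL | Tags |
|---|---|
| http://xmpie.com | x_refsource_MISC |
| https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ | x_refsource_MISC |
| https://www.xmpie.com/ustore-release-notes/ | x_refsource_MISC |
| https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29 | x_refsource_MISC |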
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xmpie.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T10:47:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xmpie.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xmpie.com/ustore-release-notes/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xmpie.com",
"refsource": "MISC",
"url": "http://xmpie.com"
},
{
"name": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/",
"refsource": "MISC",
"url": "https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/"
},
{
"name": "https://www.xmpie.com/ustore-release-notes/",
"refsource": "MISC",
"url": "https://www.xmpie.com/ustore-release-notes/"
},
{
"name": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29",
"refsource": "MISC",
"url": "https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23320",
"datePublished": "2022-02-07T10:47:33",
"dateReserved": "2022-01-18T00:00:00",
"dateUpdated": "2024-08-03T03:36:20.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}