var-202205-0348
Vulnerability from variot
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 Traffix SDC contains an improper disabling of special elements used by the template engine.Information may be obtained and information may be tampered with. F5 Traffix Signaling Delivery Controller (F5 Traffix SDC) is a signaling delivery controller of F5 Company in the United States. Designed to provide operators with complete connectivity, unlimited scalability and total control
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "traffix signaling delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "5.2.0"
},
{
"model": "traffix signaling delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "5.1.0"
},
{
"model": "traffix sdc",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "5.2.x"
},
{
"model": "traffix sdc",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "5.1.x"
},
{
"model": "traffix sdc",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "5.2.2"
},
{
"model": "traffix sdc",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "traffix sdc",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "5.1.35"
},
{
"model": "traffix sdc",
"scope": "eq",
"trust": 0.6,
"vendor": "f5",
"version": "5.1.0"
},
{
"model": "traffix sdc",
"scope": "eq",
"trust": 0.6,
"vendor": "f5",
"version": "5.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"db": "NVD",
"id": "CVE-2022-27662"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27662"
}
]
},
"cve": "CVE-2022-27662",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-27662",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2022-74961",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-419884",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2022-010245",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-27662",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "f5sirt@f5.com",
"id": "CVE-2022-27662",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-74961",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2481",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-419884",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2022-27662",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"db": "VULHUB",
"id": "VHN-419884"
},
{
"db": "VULMON",
"id": "CVE-2022-27662"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"db": "NVD",
"id": "CVE-2022-27662"
},
{
"db": "NVD",
"id": "CVE-2022-27662"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2481"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 Traffix SDC contains an improper disabling of special elements used by the template engine.Information may be obtained and information may be tampered with. F5 Traffix Signaling Delivery Controller (F5 Traffix SDC) is a signaling delivery controller of F5 Company in the United States. Designed to provide operators with complete connectivity, unlimited scalability and total control",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27662"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"db": "VULHUB",
"id": "VHN-419884"
},
{
"db": "VULMON",
"id": "CVE-2022-27662"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-27662",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010245",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-74961",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2481",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419884",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-27662",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"db": "VULHUB",
"id": "VHN-419884"
},
{
"db": "VULMON",
"id": "CVE-2022-27662"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"db": "NVD",
"id": "CVE-2022-27662"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2481"
}
]
},
"id": "VAR-202205-0348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"db": "VULHUB",
"id": "VHN-419884"
}
],
"trust": 1.0152174
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-74961"
}
]
},
"last_update_date": "2023-12-18T14:03:59.203000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "K24248011",
"trust": 0.8,
"url": "https://my.f5.com/manage/s/article/k24248011"
},
{
"title": "Patch for F5 Traffix SDC Cross-Site Template Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/360246"
},
{
"title": "F5 Traffix SDC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192844"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2481"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1336",
"trust": 1.0
},
{
"problemtype": "Improper disabling of special elements used by the template engine (CWE-1336) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"db": "NVD",
"id": "CVE-2022-27662"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.f5.com/csp/article/k24248011"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27662"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-27662/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/1336.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"db": "VULHUB",
"id": "VHN-419884"
},
{
"db": "VULMON",
"id": "CVE-2022-27662"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"db": "NVD",
"id": "CVE-2022-27662"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2481"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"db": "VULHUB",
"id": "VHN-419884"
},
{
"db": "VULMON",
"id": "CVE-2022-27662"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"db": "NVD",
"id": "CVE-2022-27662"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2481"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"date": "2022-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-419884"
},
{
"date": "2022-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27662"
},
{
"date": "2023-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"date": "2022-05-05T17:15:13.467000",
"db": "NVD",
"id": "CVE-2022-27662"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2481"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-74961"
},
{
"date": "2022-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-419884"
},
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27662"
},
{
"date": "2023-08-14T05:43:00",
"db": "JVNDB",
"id": "JVNDB-2022-010245"
},
{
"date": "2022-05-13T16:41:47.423000",
"db": "NVD",
"id": "CVE-2022-27662"
},
{
"date": "2022-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2481"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2481"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "F5\u00a0Traffix\u00a0SDC\u00a0 Improper Disablement of Special Elements Used in Template Engine in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010245"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2481"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.