CVE-2022-23320
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.
XMPie uStore versión 12.3.7244.0 permite a administradores generar informes basados en consultas SQL sin procesar. Dado que la aplicación es enviada con credenciales administrativas por defecto, un atacante podría autenticarse en la aplicación y exfiltrar información confidencial de la base de datos
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-18 CVE Reserved
- 2022-02-07 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-09-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://xmpie.com | 2023-08-08 | |
| https://www.xmpie.com/ustore-release-notes | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xerox Search vendor "Xerox" | Xmpie Ustore Search vendor "Xerox" for product "Xmpie Ustore" | 12.3.7244.0 Search vendor "Xerox" for product "Xmpie Ustore" and version "12.3.7244.0" | - |
Affected
| ||||||