Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by amodat
VAR-202206-1117
Vulnerability from variot - Updated: 2024-02-13 02:02attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel. amodat of mobile application gateway for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Amodat Mobile Application Gateway is a mobile application gateway of the Israeli company Amodat. Attackers can use this vulnerability to execute illegal SQL commands to steal sensitive database data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mobile application gateway",
"scope": "lt",
"trust": 1.6,
"vendor": "amodat",
"version": "7.12.00.09"
},
{
"model": "mobile application gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "amodat",
"version": "7.12.00.09"
},
{
"model": "mobile application gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "amodat",
"version": null
},
{
"model": "mobile application gateway",
"scope": null,
"trust": 0.8,
"vendor": "amodat",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012085"
},
{
"db": "NVD",
"id": "CVE-2022-23169"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:amodat:mobile_application_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.12.00.09",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23169"
}
]
},
"cve": "CVE-2022-23169",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-23169",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2022-68952",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-412065",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cna@cyber.gov.il",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-23169",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-23169",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "cna@cyber.gov.il",
"id": "CVE-2022-23169",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-68952",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1170",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-412065",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-23169",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"db": "VULHUB",
"id": "VHN-412065"
},
{
"db": "VULMON",
"id": "CVE-2022-23169"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012085"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1170"
},
{
"db": "NVD",
"id": "CVE-2022-23169"
},
{
"db": "NVD",
"id": "CVE-2022-23169"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "attacker needs to craft a SQL payload. the vulnerable parameter is \"agentid\" must be authenticated to the admin panel. amodat of mobile application gateway for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Amodat Mobile Application Gateway is a mobile application gateway of the Israeli company Amodat. Attackers can use this vulnerability to execute illegal SQL commands to steal sensitive database data",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23169"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012085"
},
{
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"db": "VULHUB",
"id": "VHN-412065"
},
{
"db": "VULMON",
"id": "CVE-2022-23169"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23169",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012085",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-68952",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1170",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-412065",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-23169",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"db": "VULHUB",
"id": "VHN-412065"
},
{
"db": "VULMON",
"id": "CVE-2022-23169"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012085"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1170"
},
{
"db": "NVD",
"id": "CVE-2022-23169"
}
]
},
"id": "VAR-202206-1117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"db": "VULHUB",
"id": "VHN-412065"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68952"
}
]
},
"last_update_date": "2024-02-13T02:02:27.928000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Amodat Mobile Application Gateway SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/356721"
},
{
"title": "Amodat Mobile Application Gateway SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=197643"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"db": "VULMON",
"id": "CVE-2022-23169"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1170"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412065"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012085"
},
{
"db": "NVD",
"id": "CVE-2022-23169"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23169"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-23169/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"db": "VULHUB",
"id": "VHN-412065"
},
{
"db": "VULMON",
"id": "CVE-2022-23169"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012085"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1170"
},
{
"db": "NVD",
"id": "CVE-2022-23169"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"db": "VULHUB",
"id": "VHN-412065"
},
{
"db": "VULMON",
"id": "CVE-2022-23169"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012085"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1170"
},
{
"db": "NVD",
"id": "CVE-2022-23169"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-412065"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23169"
},
{
"date": "2023-08-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012085"
},
{
"date": "2022-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1170"
},
{
"date": "2022-06-13T17:15:09.763000",
"db": "NVD",
"id": "CVE-2022-23169"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"date": "2022-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-412065"
},
{
"date": "2022-06-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23169"
},
{
"date": "2023-08-25T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-012085"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1170"
},
{
"date": "2022-06-27T16:17:46.257000",
"db": "NVD",
"id": "CVE-2022-23169"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1170"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Amodat Mobile Application Gateway SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68952"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1170"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1170"
}
],
"trust": 0.6
}
}
VAR-202206-0902
Vulnerability from variot - Updated: 2024-02-13 01:46The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--. Amodat Mobile Application Gateway is a mobile application gateway of the Israeli company Amodat. Attackers can use this vulnerability to execute illegal SQL commands to steal sensitive database data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0902",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mobile application gateway",
"scope": "lt",
"trust": 1.6,
"vendor": "amodat",
"version": "7.12.00.09"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"db": "NVD",
"id": "CVE-2022-23168"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:amodat:mobile_application_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.12.00.09",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23168"
}
]
},
"cve": "CVE-2022-23168",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-68951",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-412064",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-23168",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cna@cyber.gov.il",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-23168",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cna@cyber.gov.il",
"id": "CVE-2022-23168",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-68951",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1168",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-412064",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-23168",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"db": "VULHUB",
"id": "VHN-412064"
},
{
"db": "VULMON",
"id": "CVE-2022-23168"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1168"
},
{
"db": "NVD",
"id": "CVE-2022-23168"
},
{
"db": "NVD",
"id": "CVE-2022-23168"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin\u0027--. Amodat Mobile Application Gateway is a mobile application gateway of the Israeli company Amodat. Attackers can use this vulnerability to execute illegal SQL commands to steal sensitive database data",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23168"
},
{
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"db": "VULHUB",
"id": "VHN-412064"
},
{
"db": "VULMON",
"id": "CVE-2022-23168"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23168",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2022-68951",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1168",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-412064",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-23168",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"db": "VULHUB",
"id": "VHN-412064"
},
{
"db": "VULMON",
"id": "CVE-2022-23168"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1168"
},
{
"db": "NVD",
"id": "CVE-2022-23168"
}
]
},
"id": "VAR-202206-0902",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"db": "VULHUB",
"id": "VHN-412064"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68951"
}
]
},
"last_update_date": "2024-02-13T01:46:02.936000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Amodat Mobile Application Gateway SQL Injection Vulnerability (CNVD-2022-68951)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/356716"
},
{
"title": "Amodat Mobile Application Gateway SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=197104"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"db": "VULMON",
"id": "CVE-2022-23168"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412064"
},
{
"db": "NVD",
"id": "CVE-2022-23168"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-23168/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"db": "VULHUB",
"id": "VHN-412064"
},
{
"db": "VULMON",
"id": "CVE-2022-23168"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1168"
},
{
"db": "NVD",
"id": "CVE-2022-23168"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"db": "VULHUB",
"id": "VHN-412064"
},
{
"db": "VULMON",
"id": "CVE-2022-23168"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1168"
},
{
"db": "NVD",
"id": "CVE-2022-23168"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-412064"
},
{
"date": "2022-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23168"
},
{
"date": "2022-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1168"
},
{
"date": "2022-06-13T17:15:09.707000",
"db": "NVD",
"id": "CVE-2022-23168"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68951"
},
{
"date": "2022-06-22T00:00:00",
"db": "VULHUB",
"id": "VHN-412064"
},
{
"date": "2022-06-22T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23168"
},
{
"date": "2022-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1168"
},
{
"date": "2022-06-22T18:08:40.697000",
"db": "NVD",
"id": "CVE-2022-23168"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Amodat Mobile Application Gateway SQL Injection Vulnerability (CNVD-2022-68951)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68951"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1168"
}
],
"trust": 0.6
}
}
CVE-2022-23169 (GCVE-0-2022-23169)
Vulnerability from nvd – Published: 2022-06-13 16:13 – Updated: 2024-09-17 01:30
VLAI
Title
Amodat - Mobile Application Gateway SQL Injection (SQLi)
Summary
attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel.
Severity
5.9 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_MISC |
Impacted products
Date Public
2022-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Amodat",
"vendor": "Amodat",
"versions": [
{
"lessThanOrEqual": "7.12.00.09",
"status": "affected",
"version": "7.12.00.08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"datePublic": "2022-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "attacker needs to craft a SQL payload. the vulnerable parameter is \"agentid\" must be authenticated to the admin panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T16:13:31.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Amodat - Mobile Application Gateway SQL Injection (SQLi)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-06-09T12:15:00.000Z",
"ID": "CVE-2022-23169",
"STATE": "PUBLIC",
"TITLE": "Amodat - Mobile Application Gateway SQL Injection (SQLi)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Amodat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.12.00.08",
"version_value": "7.12.00.09"
}
]
}
}
]
},
"vendor_name": "Amodat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "attacker needs to craft a SQL payload. the vulnerable parameter is \"agentid\" must be authenticated to the admin panel."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-23169",
"datePublished": "2022-06-13T16:13:31.959Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:30:44.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23168 (GCVE-0-2022-23168)
Vulnerability from nvd – Published: 2022-06-13 16:12 – Updated: 2024-09-16 19:55
VLAI
Title
Amodat - Mobile Application Gateway SQL Injection (SQLi)
Summary
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--
Severity
5.9 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_MISC |
Impacted products
Date Public
2022-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Amodat",
"vendor": "Amodat",
"versions": [
{
"lessThanOrEqual": "7.12.00.09",
"status": "affected",
"version": "7.12.00.08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"datePublic": "2022-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin\u0027--"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T16:12:36.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Amodat - Mobile Application Gateway SQL Injection (SQLi)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-06-09T12:15:00.000Z",
"ID": "CVE-2022-23168",
"STATE": "PUBLIC",
"TITLE": "Amodat - Mobile Application Gateway SQL Injection (SQLi)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Amodat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.12.00.08",
"version_value": "7.12.00.09"
}
]
}
}
]
},
"vendor_name": "Amodat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin\u0027--"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-23168",
"datePublished": "2022-06-13T16:12:36.414Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:55:53.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23167 (GCVE-0-2022-23167)
Vulnerability from nvd – Published: 2022-06-13 16:11 – Updated: 2024-09-16 19:46
VLAI
Title
Amodat - Mobile Application Gateway Local File Inclusion (LFI)
Summary
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.
Severity
5.3 (Medium)
CWE
- Local File Inclusion
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_MISC |
Impacted products
Date Public
2022-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Amodat",
"vendor": "Amodat",
"versions": [
{
"lessThanOrEqual": "7.12.00.09",
"status": "affected",
"version": "7.12.00.08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"datePublic": "2022-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local File Inclusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T16:11:55.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Amodat - Mobile Application Gateway Local File Inclusion (LFI)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-06-09T12:15:00.000Z",
"ID": "CVE-2022-23167",
"STATE": "PUBLIC",
"TITLE": "Amodat - Mobile Application Gateway Local File Inclusion (LFI)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Amodat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.12.00.08",
"version_value": "7.12.00.09"
}
]
}
}
]
},
"vendor_name": "Amodat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local File Inclusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-23167",
"datePublished": "2022-06-13T16:11:55.489Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:46:32.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23169 (GCVE-0-2022-23169)
Vulnerability from cvelistv5 – Published: 2022-06-13 16:13 – Updated: 2024-09-17 01:30
VLAI
Title
Amodat - Mobile Application Gateway SQL Injection (SQLi)
Summary
attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel.
Severity
5.9 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_MISC |
Impacted products
Date Public
2022-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Amodat",
"vendor": "Amodat",
"versions": [
{
"lessThanOrEqual": "7.12.00.09",
"status": "affected",
"version": "7.12.00.08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"datePublic": "2022-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "attacker needs to craft a SQL payload. the vulnerable parameter is \"agentid\" must be authenticated to the admin panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T16:13:31.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Amodat - Mobile Application Gateway SQL Injection (SQLi)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-06-09T12:15:00.000Z",
"ID": "CVE-2022-23169",
"STATE": "PUBLIC",
"TITLE": "Amodat - Mobile Application Gateway SQL Injection (SQLi)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Amodat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.12.00.08",
"version_value": "7.12.00.09"
}
]
}
}
]
},
"vendor_name": "Amodat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "attacker needs to craft a SQL payload. the vulnerable parameter is \"agentid\" must be authenticated to the admin panel."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-23169",
"datePublished": "2022-06-13T16:13:31.959Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:30:44.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23168 (GCVE-0-2022-23168)
Vulnerability from cvelistv5 – Published: 2022-06-13 16:12 – Updated: 2024-09-16 19:55
VLAI
Title
Amodat - Mobile Application Gateway SQL Injection (SQLi)
Summary
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--
Severity
5.9 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_MISC |
Impacted products
Date Public
2022-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Amodat",
"vendor": "Amodat",
"versions": [
{
"lessThanOrEqual": "7.12.00.09",
"status": "affected",
"version": "7.12.00.08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"datePublic": "2022-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin\u0027--"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T16:12:36.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Amodat - Mobile Application Gateway SQL Injection (SQLi)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-06-09T12:15:00.000Z",
"ID": "CVE-2022-23168",
"STATE": "PUBLIC",
"TITLE": "Amodat - Mobile Application Gateway SQL Injection (SQLi)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Amodat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.12.00.08",
"version_value": "7.12.00.09"
}
]
}
}
]
},
"vendor_name": "Amodat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin\u0027--"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-23168",
"datePublished": "2022-06-13T16:12:36.414Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:55:53.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23167 (GCVE-0-2022-23167)
Vulnerability from cvelistv5 – Published: 2022-06-13 16:11 – Updated: 2024-09-16 19:46
VLAI
Title
Amodat - Mobile Application Gateway Local File Inclusion (LFI)
Summary
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.
Severity
5.3 (Medium)
CWE
- Local File Inclusion
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_MISC |
Impacted products
Date Public
2022-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Amodat",
"vendor": "Amodat",
"versions": [
{
"lessThanOrEqual": "7.12.00.09",
"status": "affected",
"version": "7.12.00.08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"datePublic": "2022-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local File Inclusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T16:11:55.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Amodat - Mobile Application Gateway Local File Inclusion (LFI)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-06-09T12:15:00.000Z",
"ID": "CVE-2022-23167",
"STATE": "PUBLIC",
"TITLE": "Amodat - Mobile Application Gateway Local File Inclusion (LFI)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Amodat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.12.00.08",
"version_value": "7.12.00.09"
}
]
}
}
]
},
"vendor_name": "Amodat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush, Dudu Moyal, Gad Abuhatziera - Sophtix Security LTD"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local File Inclusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 7.12.00.09 version"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-23167",
"datePublished": "2022-06-13T16:11:55.489Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:46:32.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}