CVE-2022-45876 (GCVE-0-2022-45876)
Vulnerability from cvelistv5
Published
2023-04-26 21:07
Modified
2025-01-17 17:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:03.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.visam.com/kontakt.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vbase.net/en/download.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T17:01:26.608197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T17:10:14.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VBASE",
"vendor": "VISAM",
"versions": [
{
"lessThan": "11.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-03-21T21:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVersions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\u003c/p\u003e"
}
],
"value": "Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T21:07:31.302Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05"
},
{
"url": "https://www.visam.com/kontakt.php"
},
{
"url": "https://www.vbase.net/en/download.php"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nVISAM recommends users update to VBASE 11.7.5 or later. The update can \nbe performed via the VBASE Editor update dialog on machines with secure \naccess to the internet. \u0026nbsp;Users of machines without internet access must \nmanually update by submitting a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.vbase.net/en/download.php\"\u003erequest form\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;to receive a download link.\u003c/span\u003e\u003cp\u003eFor more information, users should contact VISAM using the information provided on their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.visam.com/kontakt.php\"\u003econtact page\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;(German language).\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "VISAM recommends users update to VBASE 11.7.5 or later. The update can \nbe performed via the VBASE Editor update dialog on machines with secure \naccess to the internet. \u00a0Users of machines without internet access must \nmanually update by submitting a request form https://www.vbase.net/en/download.php \u00a0\u00a0to receive a download link.For more information, users should contact VISAM using the information provided on their contact page https://www.visam.com/kontakt.php \u00a0\u00a0(German language).\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2022-45876",
"x_generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-45468"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-45876",
"datePublished": "2023-04-26T21:07:31.302Z",
"dateReserved": "2022-12-21T17:02:52.817Z",
"dateUpdated": "2025-01-17T17:10:14.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.visam.com/kontakt.php\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vbase.net/en/download.php\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:24:03.202Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-45876\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-17T17:01:26.608197Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-17T17:09:45.673Z\"}}], \"cna\": {\"title\": \"CVE-2022-45876\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Kimiya, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA.\"}], \"affected\": [{\"vendor\": \"VISAM\", \"product\": \"VBASE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"11.7.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"VISAM recommends users update to VBASE 11.7.5 or later. The update can \\nbe performed via the VBASE Editor update dialog on machines with secure \\naccess to the internet. \\u00a0Users of machines without internet access must \\nmanually update by submitting a request form https://www.vbase.net/en/download.php \\u00a0\\u00a0to receive a download link.For more information, users should contact VISAM using the information provided on their contact page https://www.visam.com/kontakt.php \\u00a0\\u00a0(German language).\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\nVISAM recommends users update to VBASE 11.7.5 or later. The update can \\nbe performed via the VBASE Editor update dialog on machines with secure \\naccess to the internet. \u0026nbsp;Users of machines without internet access must \\nmanually update by submitting a \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.vbase.net/en/download.php\\\"\u003erequest form\u003c/a\u003e\u0026nbsp;\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u0026nbsp;to receive a download link.\u003c/span\u003e\u003cp\u003eFor more information, users should contact VISAM using the information provided on their \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.visam.com/kontakt.php\\\"\u003econtact page\u003c/a\u003e\u0026nbsp;\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u0026nbsp;(German language).\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"datePublic\": \"2023-03-21T21:05:00.000Z\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05\"}, {\"url\": \"https://www.visam.com/kontakt.php\"}, {\"url\": \"https://www.vbase.net/en/download.php\"}], \"x_generator\": {\"env\": \"prod\", \"engine\": \"VINCE 2.0.7\", \"origin\": \"https://cveawg.mitre.org/api/cve/CVE-2022-45468\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eVersions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2023-04-26T21:07:31.302Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-45876\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-17T17:10:14.204Z\", \"dateReserved\": \"2022-12-21T17:02:52.817Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2023-04-26T21:07:31.302Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…