Common Weakness Enumeration

CWE-862

Allowed-with-Review

Missing Authorization

Abstraction: Class · Status: Incomplete

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

14629 vulnerabilities reference this CWE, most recent first.

CVE-2022-32768 (GCVE-0-2022-32768)

Vulnerability from cvelistv5 – Published: 2022-08-22 18:26 – Updated: 2025-04-15 18:50
VLAI
Summary
Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
WWBN AVideo Affected: 11.6
Affected: dev master commit 3f7c0364
Create a notification for this product.
Date Public
2022-08-16 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:46:44.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32768",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:14:11.615088Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T18:50:44.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AVideo",
          "vendor": "WWBN",
          "versions": [
            {
              "status": "affected",
              "version": "11.6"
            },
            {
              "status": "affected",
              "version": "dev master commit 3f7c0364"
            }
          ]
        }
      ],
      "datePublic": "2022-08-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user\u0027s streams."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-22T18:26:26.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2022-08-16",
          "ID": "CVE-2022-32768",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AVideo",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "11.6"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "dev master commit 3f7c0364"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "WWBN"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user\u0027s streams."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 4.8,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql",
              "refsource": "CONFIRM",
              "url": "https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-32768",
    "datePublished": "2022-08-22T18:26:26.065Z",
    "dateReserved": "2022-06-09T00:00:00.000Z",
    "dateUpdated": "2025-04-15T18:50:44.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31765 (GCVE-0-2022-31765)

Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2026-04-14 08:35
VLAI
Summary
Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Siemens RUGGEDCOM RM1224 LTE(4G) EU Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RM1224 LTE(4G) NAM Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M804PB Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M812-1 ADSL-Router Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M816-1 ADSL-Router Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M826-2 SHDSL-Router Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M874-2 Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M874-3 Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 (ROK) Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (EU) Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (NAM) Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE MUM853-1 (EU) Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (EU) Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (RoW) Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE S615 EEC LAN-Router Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE S615 LAN-Router Affected: 0 , < V7.1.2 (custom)
Create a notification for this product.
Siemens SCALANCE SC622-2C Affected: All versions < V3.0
Create a notification for this product.
Siemens SCALANCE SC632-2C Affected: All versions < V3.0
Create a notification for this product.
Siemens SCALANCE SC636-2C Affected: All versions < V3.0
Create a notification for this product.
Siemens SCALANCE SC642-2C Affected: All versions < V3.0
Create a notification for this product.
Siemens SCALANCE SC646-2C Affected: All versions < V3.0
Create a notification for this product.
Siemens SCALANCE W1748-1 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W1788-1 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W1788-2 EEC M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W1788-2 M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W1788-2IA M12 Affected: 0 , < * (custom)
Create a notification for this product.
Siemens SCALANCE W721-1 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W722-1 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W734-1 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W734-1 RJ45 (USA) Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W738-1 M12 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W748-1 M12 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W748-1 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W761-1 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W774-1 M12 EEC Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W774-1 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W774-1 RJ45 (USA) Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W778-1 M12 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W778-1 M12 EEC Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W778-1 M12 EEC (USA) Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W786-1 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W786-2 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W786-2 SFP Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W786-2IA RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W788-1 M12 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W788-1 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W788-2 M12 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W788-2 M12 EEC Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE W788-2 RJ45 Affected: 0 , < V6.6.0 (custom)
Create a notification for this product.
Siemens SCALANCE WAM763-1 Affected: All versions < V2.0
Create a notification for this product.
Siemens SCALANCE WAM766-1 Affected: All versions < V2.0
Create a notification for this product.
Siemens SCALANCE WAM766-1 (US) Affected: All versions < V2.0
Create a notification for this product.
Siemens SCALANCE WAM766-1 EEC Affected: All versions < V2.0
Create a notification for this product.
Siemens SCALANCE WAM766-1 EEC (US) Affected: All versions < V2.0
Create a notification for this product.
Siemens SCALANCE WUM763-1 Affected: All versions < V2.0
Create a notification for this product.
Siemens SCALANCE WUM766-1 Affected: All versions < V2.0
Create a notification for this product.
Siemens SCALANCE WUM766-1 (USA) Affected: All versions < V2.0
Create a notification for this product.
Siemens SCALANCE XB205-3 (SC, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3 (ST, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3 (ST, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3LD (SC, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB205-3LD (SC, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB208 (E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB208 (PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (SC, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (SC, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (ST, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3 (ST, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3LD (SC, E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB213-3LD (SC, PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB216 (E/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XB216 (PN) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2 (SC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2 (ST/BFOC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2G PoE Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2G PoE (54 V DC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2G PoE EEC (54 V DC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP G Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP G (EIP DEF.) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC206-2SFP G EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G (EIP def.) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G PoE Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC208G PoE (54 V DC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-3G PoE Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-3G PoE (54 V DC) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C G Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C G (EIP Def.) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216-4C G EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC216EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC224 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC224-4C G Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC224-4C G (EIP Def.) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XC224-4C G EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XF204 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XF204 DNA Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XF204-2BA Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XF204-2BA DNA Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XM408-4C Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM408-4C (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM408-8C Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM408-8C (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM416-4C Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XM416-4C (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XP208 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP208 (Ethernet/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP208EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP208PoE EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP216 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP216 (Ethernet/IP) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP216EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XP216POE EEC Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR324WG (24 x FE, AC 230V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR324WG (24 X FE, DC 24V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR326-2C PoE WG Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR326-2C PoE WG (without UL) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (28xGE, AC 230V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR328-4C WG (28xGE, DC 24V) Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 1x230V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 1x230V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 24V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 24V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 2x230V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR524-8C, 2x230V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 1x230V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 1x230V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 24V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 24V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 2x230V Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR526-8C, 2x230V (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR528-6M Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR528-6M (2HR2, L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR528-6M (2HR2) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR528-6M (L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR552-12M Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR552-12M (2HR2, L3 int.) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SCALANCE XR552-12M (2HR2) Affected: 0 , < V6.6 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC206-2 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC206-2SFP Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC208 Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Siemens SIPLUS NET SCALANCE XC216-4C Affected: 0 , < V4.4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:01.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31765",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T15:22:51.272836Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:48:35.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M804PB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M826-2 SHDSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3 (ROK)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (NAM)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (RoW)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 EEC LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC622-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC632-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC636-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC642-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE SC646-2C",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1788-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1788-2 EEC M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1788-2 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W1788-2IA M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W721-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W721-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W721-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W721-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W722-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W722-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W722-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W722-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W722-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W722-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45 (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W734-1 RJ45 (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W738-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W738-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W738-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W738-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W748-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W761-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W761-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W761-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W761-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45 (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W774-1 RJ45 (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12 EEC (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W778-1 M12 EEC (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2 SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2IA RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2IA RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2IA RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W786-2IA RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-1 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 M12 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE W788-2 RJ45",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM763-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WAM766-1 EEC (US)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM763-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM766-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE WUM766-1 (USA)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (ST, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (ST, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3 (ST, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3LD (SC, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB205-3LD (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB208 (E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB208 (PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (SC, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (ST, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3 (ST, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3LD (SC, E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB213-3LD (SC, PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB216 (E/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XB216 (PN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2 (SC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2 (ST/BFOC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2G PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2G PoE (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2G PoE EEC (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP G (EIP DEF.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC206-2SFP G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G (EIP def.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC208G PoE (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-3G PoE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-3G PoE (54 V DC)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C G (EIP Def.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216-4C G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC216EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224-4C G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224-4C G (EIP Def.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XC224-4C G EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204 DNA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XF204-2BA DNA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM408-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM408-4C (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM408-8C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM408-8C (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM416-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XM416-4C (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208 (Ethernet/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP208PoE EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216 (Ethernet/IP)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XP216POE EEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324WG (24 x FE, AC 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR324WG (24 X FE, DC 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR326-2C PoE WG",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR326-2C PoE WG (without UL)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 1x230V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 1x230V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 24V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 24V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 2x230V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR524-8C, 2x230V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 1x230V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 1x230V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 24V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 24V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 2x230V",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR526-8C, 2x230V (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR528-6M",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR528-6M (2HR2, L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR528-6M (2HR2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR528-6M (L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR552-12M",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR552-12M (2HR2, L3 int.)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR552-12M (2HR2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE XR552-12M (2HR2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC206-2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC206-2SFP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC208",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET SCALANCE XC216-4C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected devices do not properly authorize the change password function of the web interface.\r\nThis could allow low privileged users to escalate their privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-14T08:35:21.893Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-552702.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-31765",
    "datePublished": "2022-10-11T00:00:00.000Z",
    "dateReserved": "2022-05-27T00:00:00.000Z",
    "dateUpdated": "2026-04-14T08:35:21.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-31597 (GCVE-0-2022-31597)

Vulnerability from cvelistv5 – Published: 2022-07-12 20:27 – Updated: 2024-08-03 07:25
VLAI
Summary
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
Severity
No CVSS data available.
CWE
Assigner
sap
References
Impacted products
Vendor Product Version
SAP SE SAP S/4HANA Affected: S4CORE 101
Affected: 102
Affected: 103
Affected: 104
Affected: 105
Affected: 106
Affected: SAPSCORE 127
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:25:59.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3213826"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP S/4HANA",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "S4CORE 101"
            },
            {
              "status": "affected",
              "version": "102"
            },
            {
              "status": "affected",
              "version": "103"
            },
            {
              "status": "affected",
              "version": "104"
            },
            {
              "status": "affected",
              "version": "105"
            },
            {
              "status": "affected",
              "version": "106"
            },
            {
              "status": "affected",
              "version": "SAPSCORE 127"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-12T20:27:00.000Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3213826"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2022-31597",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP S/4HANA",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "S4CORE 101"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "102"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "103"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "104"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "105"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "106"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "SAPSCORE 127"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3213826",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3213826"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2022-31597",
    "datePublished": "2022-07-12T20:27:00.000Z",
    "dateReserved": "2022-05-24T00:00:00.000Z",
    "dateUpdated": "2024-08-03T07:25:59.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31595 (GCVE-0-2022-31595)

Vulnerability from cvelistv5 – Published: 2022-06-14 18:45 – Updated: 2024-08-03 07:19
VLAI
Summary
SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Severity
No CVSS data available.
CWE
Assigner
sap
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:19:06.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3158815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP Financial Consolidation",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "1010"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSAP Financial Consolidation - version 1010,\ufffddoes not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.\u003c/p\u003e"
            }
          ],
          "value": "SAP Financial Consolidation - version 1010,\ufffddoes not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-14T13:02:31.850Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3158815"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2022-31595",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Financial Consolidation",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1010"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP Financial Consolidation - version 1010,\ufffddoes not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3158815",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3158815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2022-31595",
    "datePublished": "2022-06-14T18:45:56.000Z",
    "dateReserved": "2022-05-24T00:00:00.000Z",
    "dateUpdated": "2024-08-03T07:19:06.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31592 (GCVE-0-2022-31592)

Vulnerability from cvelistv5 – Published: 2022-07-12 20:26 – Updated: 2024-08-03 07:19
VLAI
Summary
The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.
Severity
No CVSS data available.
CWE
Assigner
sap
References
Impacted products
Vendor Product Version
SAP SE SAP Enterprise Extension Defense Forces & Public Security (EA-DFPS) Affected: 605
Affected: 606
Affected: 616
Affected: 617
Affected: 618
Affected: 802
Affected: 803
Affected: 804
Affected: 805
Affected: 806
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:19:06.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3196280"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Enterprise Extension Defense Forces \u0026 Public Security (EA-DFPS)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "605"
            },
            {
              "status": "affected",
              "version": "606"
            },
            {
              "status": "affected",
              "version": "616"
            },
            {
              "status": "affected",
              "version": "617"
            },
            {
              "status": "affected",
              "version": "618"
            },
            {
              "status": "affected",
              "version": "802"
            },
            {
              "status": "affected",
              "version": "803"
            },
            {
              "status": "affected",
              "version": "804"
            },
            {
              "status": "affected",
              "version": "805"
            },
            {
              "status": "affected",
              "version": "806"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The application SAP Enterprise Extension Defense Forces \u0026 Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-12T20:26:34.000Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3196280"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2022-31592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Enterprise Extension Defense Forces \u0026 Public Security (EA-DFPS)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "605"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "606"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "616"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "617"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "618"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "802"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "803"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "804"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "805"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "806"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The application SAP Enterprise Extension Defense Forces \u0026 Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3196280",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3196280"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2022-31592",
    "datePublished": "2022-07-12T20:26:34.000Z",
    "dateReserved": "2022-05-24T00:00:00.000Z",
    "dateUpdated": "2024-08-03T07:19:06.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31167 (GCVE-0-2022-31167)

Vulnerability from cvelistv5 – Published: 2022-09-07 13:55 – Updated: 2025-04-22 17:23
VLAI
Title
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
Summary
XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
xwiki xwiki-platform Affected: >= 5.0, < 12.10.11
Affected: >= 13.0, < 13.4.6
Affected: >= 13.10, < 13.10.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:39.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-14075"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-18983"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31167",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:44:31.372232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T17:23:53.696Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0, \u003c 12.10.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 13.0, \u003c 13.4.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 13.10, \u003c 13.10.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it\u0027s possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-07T13:55:11.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-14075"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-18983"
        }
      ],
      "source": {
        "advisory": "GHSA-gg53-wf5x-r3r6",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31167",
          "STATE": "PUBLIC",
          "TITLE": "XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "xwiki-platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 5.0, \u003c 12.10.11"
                          },
                          {
                            "version_value": "\u003e= 13.0, \u003c 13.4.6"
                          },
                          {
                            "version_value": "\u003e= 13.10, \u003c 13.10.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "xwiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it\u0027s possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285: Improper Authorization"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6",
              "refsource": "CONFIRM",
              "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6"
            },
            {
              "name": "https://jira.xwiki.org/browse/XWIKI-14075",
              "refsource": "MISC",
              "url": "https://jira.xwiki.org/browse/XWIKI-14075"
            },
            {
              "name": "https://jira.xwiki.org/browse/XWIKI-18983",
              "refsource": "MISC",
              "url": "https://jira.xwiki.org/browse/XWIKI-18983"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-gg53-wf5x-r3r6",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31167",
    "datePublished": "2022-09-07T13:55:11.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-22T17:23:53.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31128 (GCVE-0-2022-31128)

Vulnerability from cvelistv5 – Published: 2022-08-01 16:20 – Updated: 2025-04-23 17:56
VLAI
Title
Fine grained permissions are not checked in Tuleap
Summary
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Enalean tuleap Affected: >= >= 13.9.99.110, < 13.10.99.82
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:39.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=58ecb1dee1c46075d3e089980301ebfbe0bafd33"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tuleap.net/plugins/tracker/?aid=27538"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31128",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T14:03:10.394893Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T17:56:59.891Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tuleap",
          "vendor": "Enalean",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= \u003e= 13.9.99.110, \u003c 13.10.99.82"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tuleap is a Free \u0026 Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-01T16:20:13.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=58ecb1dee1c46075d3e089980301ebfbe0bafd33"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tuleap.net/plugins/tracker/?aid=27538"
        }
      ],
      "source": {
        "advisory": "GHSA-2p49-vgcx-5w79",
        "discovery": "UNKNOWN"
      },
      "title": "Fine grained permissions are not checked in Tuleap",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31128",
          "STATE": "PUBLIC",
          "TITLE": "Fine grained permissions are not checked in Tuleap"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tuleap",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= \u003e= 13.9.99.110, \u003c 13.10.99.82"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Enalean"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Tuleap is a Free \u0026 Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79",
              "refsource": "CONFIRM",
              "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79"
            },
            {
              "name": "https://github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33",
              "refsource": "MISC",
              "url": "https://github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33"
            },
            {
              "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=58ecb1dee1c46075d3e089980301ebfbe0bafd33",
              "refsource": "MISC",
              "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=58ecb1dee1c46075d3e089980301ebfbe0bafd33"
            },
            {
              "name": "https://tuleap.net/plugins/tracker/?aid=27538",
              "refsource": "MISC",
              "url": "https://tuleap.net/plugins/tracker/?aid=27538"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-2p49-vgcx-5w79",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31128",
    "datePublished": "2022-08-01T16:20:13.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-23T17:56:59.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30731 (GCVE-0-2022-30731)

Vulnerability from cvelistv5 – Published: 2022-06-07 18:09 – Updated: 2024-08-03 06:56
VLAI
Summary
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.
CWE
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile My Files Affected: unspecified , < 13.1.00.193 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:14.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "My Files",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "13.1.00.193",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-07T18:09:55.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2022-30731",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "My Files",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "13.1.00.193"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862 Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2022-30731",
    "datePublished": "2022-06-07T18:09:55.000Z",
    "dateReserved": "2022-05-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T06:56:14.013Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29611 (GCVE-0-2022-29611)

Vulnerability from cvelistv5 – Published: 2022-05-11 14:57 – Updated: 2024-08-03 06:26
VLAI
Summary
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Severity
No CVSS data available.
CWE
Assigner
sap
References
Impacted products
Vendor Product Version
SAP SE SAP NetWeaver Application Server for ABAP and ABAP Platform Affected: 700
Affected: 701
Affected: 702
Affected: 710
Affected: 711
Affected: 730
Affected: 731
Affected: 740
Affected: 750
Affected: 751
Affected: 752
Affected: 753
Affected: 754
Affected: 755
Affected: 756
Affected: 787
Affected: 788
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:06.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3165801"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "700"
            },
            {
              "status": "affected",
              "version": "701"
            },
            {
              "status": "affected",
              "version": "702"
            },
            {
              "status": "affected",
              "version": "710"
            },
            {
              "status": "affected",
              "version": "711"
            },
            {
              "status": "affected",
              "version": "730"
            },
            {
              "status": "affected",
              "version": "731"
            },
            {
              "status": "affected",
              "version": "740"
            },
            {
              "status": "affected",
              "version": "750"
            },
            {
              "status": "affected",
              "version": "751"
            },
            {
              "status": "affected",
              "version": "752"
            },
            {
              "status": "affected",
              "version": "753"
            },
            {
              "status": "affected",
              "version": "754"
            },
            {
              "status": "affected",
              "version": "755"
            },
            {
              "status": "affected",
              "version": "756"
            },
            {
              "status": "affected",
              "version": "787"
            },
            {
              "status": "affected",
              "version": "788"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-11T14:57:20.000Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3165801"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2022-29611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "700"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "701"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "702"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "710"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "711"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "730"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "731"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "740"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "750"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "751"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "752"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "753"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "754"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "755"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "756"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "787"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "788"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3165801",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3165801"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2022-29611",
    "datePublished": "2022-05-11T14:57:20.000Z",
    "dateReserved": "2022-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-03T06:26:06.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29176 (GCVE-0-2022-29176)

Vulnerability from cvelistv5 – Published: 2022-05-05 22:05 – Updated: 2025-04-23 18:31
VLAI
Title
Unauthorized gem takeover for some gems on rubygems.org
Summary
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes in its name creation within 30 days OR no updates for over 100 days At present, we believe this vulnerability has not been exploited. RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without authorization. An audit of gem changes for the last 18 months did not find any examples of this vulnerability being used in a malicious way. A deeper audit for any possible use of this exploit is ongoing, and we will update this advisory once it is complete. Using Bundler in --frozen or --deployment mode in CI and during deploys, as the Bundler team has always recommended, will guarantee that your application does not silently switch to versions created using this exploit. To audit your application history for possible past exploits, review your Gemfile.lock and look for gems whose platform changed when the version number did not change. For example, gemname-3.1.2 updating to gemname-3.1.2-java could indicate a possible abuse of this vulnerability. RubyGems.org has been patched and is no longer vulnerable to this issue as of the 5th of May 2022.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:17:53.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/bugs?subject=rubygems\u0026report_id=1559856"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220616-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:53:37.593220Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:31:05.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rubygems.org",
          "vendor": "rubygems",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes in its name creation within 30 days OR no updates for over 100 days At present, we believe this vulnerability has not been exploited. RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without authorization. An audit of gem changes for the last 18 months did not find any examples of this vulnerability being used in a malicious way. A deeper audit for any possible use of this exploit is ongoing, and we will update this advisory once it is complete. Using Bundler in --frozen or --deployment mode in CI and during deploys, as the Bundler team has always recommended, will guarantee that your application does not silently switch to versions created using this exploit. To audit your application history for possible past exploits, review your Gemfile.lock and look for gems whose platform changed when the version number did not change. For example, gemname-3.1.2 updating to gemname-3.1.2-java could indicate a possible abuse of this vulnerability. RubyGems.org has been patched and is no longer vulnerable to this issue as of the 5th of May 2022."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-16T14:06:16.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/bugs?subject=rubygems\u0026report_id=1559856"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220616-0002/"
        }
      ],
      "source": {
        "advisory": "GHSA-hccv-rwq6-vh79",
        "discovery": "UNKNOWN"
      },
      "title": "Unauthorized gem takeover for some gems on rubygems.org",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-29176",
          "STATE": "PUBLIC",
          "TITLE": "Unauthorized gem takeover for some gems on rubygems.org"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rubygems.org",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "rubygems"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes in its name creation within 30 days OR no updates for over 100 days At present, we believe this vulnerability has not been exploited. RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without authorization. An audit of gem changes for the last 18 months did not find any examples of this vulnerability being used in a malicious way. A deeper audit for any possible use of this exploit is ongoing, and we will update this advisory once it is complete. Using Bundler in --frozen or --deployment mode in CI and during deploys, as the Bundler team has always recommended, will guarantee that your application does not silently switch to versions created using this exploit. To audit your application history for possible past exploits, review your Gemfile.lock and look for gems whose platform changed when the version number did not change. For example, gemname-3.1.2 updating to gemname-3.1.2-java could indicate a possible abuse of this vulnerability. RubyGems.org has been patched and is no longer vulnerable to this issue as of the 5th of May 2022."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79",
              "refsource": "CONFIRM",
              "url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79"
            },
            {
              "name": "https://hackerone.com/bugs?subject=rubygems\u0026report_id=1559856",
              "refsource": "MISC",
              "url": "https://hackerone.com/bugs?subject=rubygems\u0026report_id=1559856"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220616-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220616-0002/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-hccv-rwq6-vh79",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-29176",
    "datePublished": "2022-05-05T22:05:10.000Z",
    "dateReserved": "2022-04-13T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:31:05.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.