cvelistv5 - CVE-2022-29887

CVE-2022-29887 (GCVE-0-2022-29887)

Vulnerability from cvelistv5

Published

2023-08-11 02:37

Modified

2024-10-10 15:12

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

escalation of privilege
CWE-79 - Cross-site Scripting (XSS)

Summary

Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

References

URL

	Vendor	Product	Version
	n/a	Intel(R) Manageability Commander software	Version: before version 2.3

CERTFR-2023-AVI-0640

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Intel SSD Tools software versions antérieures à mdadm-4.2-rc2
Intel BIOS PCSD BIOS versions antérieures à 02.01.0013
Intel logiciel PROSet/Wireless WiFi versions antérieures à 22.200
Intel Converged Security Management Engine (CSME) sans les correctifs de sécurité du 08 août 2023
Intel Active Management Technology (AMT) sans les correctifs de sécurité du 08 août 2023
Intel Standard Manageability software sans les correctifs de sécurité du 08 août 2023
Pilote RDMA des Contrôleurs Ethernet Intel pour linux versions antérieures à 1.9.30
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11ème à 13ème générations) versions antérieures à 19.5.2.1049.5
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10ème et 11ème générations) versions antérieures à 18.7.6.1010.3
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8ème et 9ème générations) versions antérieures à 17.11.3.1010.2
Interface utilisateur Intel RST et pilotes versions antérieures à 16.8.5.1014.5
Suite de logiciels Intel Quartus Prime Pro pour Linux before versions antérieures à 22.4
Suite de logiciels Intel Quartus Prime Standard pour Linux versions antérieures à 22.1STD
Cartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et décembre 2022
Séries de processeurs Intel Atom, Xeon, Core de 7ème à 11ème générations, Celeron, Pentium et Core séries X sans les correctifs de sécurité du 08 août 2023
Logiciel d'exécution Intel oneVPL GPU versions antérieures à 22.6.5
Client Intel Unite pour Mac versions antérieures à 4.2.11
Ensemble de logiciels Intel Unite pour Windows versions antérieures à 4.2.34962
Séries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de sécurité du 08 août 2023
Pilotes infrarouge ITE Tech consumer pour terminaux NUC versions antérieures à 5.5.2.1
System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.
Utilitaire de mise à jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems basé sur les jeux de puces 621A
Séries de contrôleurs Ethernet et adaptateurs E810 (Columbiaville) versions antérieures à 1.7.2.4
Logiciel Intel Optimization for TensorFlow versions antérieures à 2.12
Distribution Intel des outils OpenVINO versions antérieures à 2022.3.0
Outils Intel VCUST téléchargés avant le 03 février 2023 sans le correctif de sécurité du 08 août 2023
logiciel Intel VROC versions antérieures à 8.0.0.4035
Logiciel d'installation d'Intel Advanced Link Analyzer Standard Edition versions antérieures à 22.1.1
Logiciel d'installation Intel ISPC software pour Windows versions antérieures à 1.19.0
Logiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions antérieures à 22.4
Logiciel Intel Easy Streaming Wizard toutes versions [1]
Application Android Intel Support versions antérieures à v23.02.07
Suite logicielle Intel NUC Pro pour Windows versions antérieures à 2.0.0.9
Logiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions antérieures à 22.220 HF
Logiciel Intel oneMKL versions antérieures à 2022.0
Logiciel Intel DTT versions antérieures à 8.7.10801.25109
Logiciel Intel AI Hackathon versions antérieures à 2.0.0
Logiciel Intel DSA versions antérieures à 23.1.9
Bibliothèque Hyperscan maintenue par Intel versions antérieures à 5.4.1
Outils Intel oneAPI versions antérieures à 2023.1.0
BIOS de cartes mères de terminaux NUC sans les correctifs de sécurité du 08 août 2023
Logiciel Intel Manageability Commander versions antérieures à 2.3
Logiciel Intel Unison versions antérieures à 10.12
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Microsoft versions antérieures à 3.0
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Linux versions antérieures à 1.13.4
Logiciel Intel SDP Tool versions antérieures à 1.4 build 5
Outils de développement Intel PSR versions antérieures à 1.0.0.20
Logiciel Intel RealSense ID pour Intel RealSense 450 FA versions antérieures à 0.25
Application Android Intel Unite versions antérieures à 4.2.3504
Logiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]
Logiciel Intel ITS versions antérieures à 3.1
Outils de développement Intel RealSense versions antérieures à 2.53.1

[1] : L'éditeur indique que le logiciel Intel Easy Streaming Wizard n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

[2] : L'éditeur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00846 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00844 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00897 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00893 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00899 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00828 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00813 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00912 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00859 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00932 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00812 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00892 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00934 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00795 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00938 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00826 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00862 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00818 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00836 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00840 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00873 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00742 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00794 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00766 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00879 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00905 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00837 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00783 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00830 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00842 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00877 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00848 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00829 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00917 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00946 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00800 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00890 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00850 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00849 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00868 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00878 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00907 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00690 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00875 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00872 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00835 du 08 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel SSD Tools software versions ant\u00e9rieures \u00e0 mdadm-4.2-rc2\u003c/li\u003e \u003cli\u003eIntel BIOS PCSD BIOS versions ant\u00e9rieures \u00e0 02.01.0013\u003c/li\u003e \u003cli\u003eIntel logiciel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.200\u003c/li\u003e \u003cli\u003eIntel Converged Security Management Engine (CSME) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Active Management Technology (AMT) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Standard Manageability software sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilote RDMA des Contr\u00f4leurs Ethernet Intel pour linux versions ant\u00e9rieures \u00e0 1.9.30\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11\u00e8me \u00e0 13\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 19.5.2.1049.5\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10\u00e8me et 11\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 18.7.6.1010.3\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8\u00e8me et 9\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 17.11.3.1010.2\u003c/li\u003e \u003cli\u003eInterface utilisateur Intel RST et pilotes versions ant\u00e9rieures \u00e0 16.8.5.1014.5\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Pro pour Linux before versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Standard pour Linux versions ant\u00e9rieures \u00e0 22.1STD\u003c/li\u003e \u003cli\u003eCartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et d\u00e9cembre 2022\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core de 7\u00e8me \u00e0 11\u00e8me g\u00e9n\u00e9rations, Celeron, Pentium et Core s\u00e9ries X sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel d\u0027ex\u00e9cution Intel oneVPL GPU versions ant\u00e9rieures \u00e0 22.6.5\u003c/li\u003e \u003cli\u003eClient Intel Unite pour Mac versions ant\u00e9rieures \u00e0 4.2.11\u003c/li\u003e \u003cli\u003eEnsemble de logiciels Intel Unite pour Windows versions ant\u00e9rieures \u00e0 4.2.34962\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilotes infrarouge ITE Tech consumer pour terminaux NUC versions ant\u00e9rieures \u00e0 5.5.2.1\u003c/li\u003e \u003cli\u003eSystem Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.\u003c/li\u003e \u003cli\u003eUtilitaire de mise \u00e0 jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems bas\u00e9 sur les jeux de puces 621A\u003c/li\u003e \u003cli\u003eS\u00e9ries de contr\u00f4leurs Ethernet et adaptateurs E810 (Columbiaville) versions ant\u00e9rieures \u00e0 1.7.2.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Optimization for TensorFlow versions ant\u00e9rieures \u00e0 2.12\u003c/li\u003e \u003cli\u003eDistribution Intel des outils OpenVINO versions ant\u00e9rieures \u00e0 2022.3.0\u003c/li\u003e \u003cli\u003eOutils Intel VCUST t\u00e9l\u00e9charg\u00e9s avant le 03 f\u00e9vrier 2023 sans le correctif de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003elogiciel Intel VROC versions ant\u00e9rieures \u00e0 8.0.0.4035\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation d\u0027Intel Advanced Link Analyzer Standard Edition versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation Intel ISPC software pour Windows versions ant\u00e9rieures \u00e0 1.19.0\u003c/li\u003e \u003cli\u003eLogiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Easy Streaming Wizard toutes versions [1]\u003c/li\u003e \u003cli\u003eApplication Android Intel Support versions ant\u00e9rieures \u00e0 v23.02.07\u003c/li\u003e \u003cli\u003eSuite logicielle Intel NUC Pro pour Windows versions ant\u00e9rieures \u00e0 2.0.0.9\u003c/li\u003e \u003cli\u003eLogiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions ant\u00e9rieures \u00e0 22.220 HF\u003c/li\u003e \u003cli\u003eLogiciel Intel oneMKL versions ant\u00e9rieures \u00e0 2022.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DTT versions ant\u00e9rieures \u00e0 8.7.10801.25109\u003c/li\u003e \u003cli\u003eLogiciel Intel AI Hackathon versions ant\u00e9rieures \u00e0 2.0.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DSA versions ant\u00e9rieures \u00e0 23.1.9\u003c/li\u003e \u003cli\u003eBiblioth\u00e8que Hyperscan maintenue par Intel versions ant\u00e9rieures \u00e0 5.4.1\u003c/li\u003e \u003cli\u003eOutils Intel oneAPI versions ant\u00e9rieures \u00e0 2023.1.0\u003c/li\u003e \u003cli\u003eBIOS de cartes m\u00e8res de terminaux NUC sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel Intel Manageability Commander versions ant\u00e9rieures \u00e0 2.3\u003c/li\u003e \u003cli\u003eLogiciel Intel Unison versions ant\u00e9rieures \u00e0 10.12\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Microsoft versions ant\u00e9rieures \u00e0 3.0\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Linux versions ant\u00e9rieures \u00e0 1.13.4\u003c/li\u003e \u003cli\u003eLogiciel Intel SDP Tool versions ant\u00e9rieures \u00e0 1.4 build 5\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel PSR versions ant\u00e9rieures \u00e0 1.0.0.20\u003c/li\u003e \u003cli\u003eLogiciel Intel RealSense ID pour Intel RealSense 450 FA versions ant\u00e9rieures \u00e0 0.25\u003c/li\u003e \u003cli\u003eApplication Android Intel Unite versions ant\u00e9rieures \u00e0 4.2.3504\u003c/li\u003e \u003cli\u003eLogiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]\u003c/li\u003e \u003cli\u003eLogiciel Intel ITS versions ant\u00e9rieures \u00e0 3.1\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel RealSense versions ant\u00e9rieures \u00e0 2.53.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e[1] :\u00a0L\u0027\u00e9diteur indique que le logiciel Intel Easy Streaming Wizard n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e \u003cp\u003e[2] :\u00a0L\u0027\u00e9diteur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-32617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32617"
    },
    {
      "name": "CVE-2023-27509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27509"
    },
    {
      "name": "CVE-2023-31246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31246"
    },
    {
      "name": "CVE-2023-23577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23577"
    },
    {
      "name": "CVE-2022-44611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44611"
    },
    {
      "name": "CVE-2023-28736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28736"
    },
    {
      "name": "CVE-2023-29243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29243"
    },
    {
      "name": "CVE-2023-34086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34086"
    },
    {
      "name": "CVE-2023-27392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27392"
    },
    {
      "name": "CVE-2023-24016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24016"
    },
    {
      "name": "CVE-2022-27635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27635"
    },
    {
      "name": "CVE-2023-28823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28823"
    },
    {
      "name": "CVE-2023-22356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22356"
    },
    {
      "name": "CVE-2023-27506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27506"
    },
    {
      "name": "CVE-2023-32547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32547"
    },
    {
      "name": "CVE-2022-36372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36372"
    },
    {
      "name": "CVE-2023-25773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25773"
    },
    {
      "name": "CVE-2023-28658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28658"
    },
    {
      "name": "CVE-2022-37343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37343"
    },
    {
      "name": "CVE-2022-36392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36392"
    },
    {
      "name": "CVE-2023-27515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27515"
    },
    {
      "name": "CVE-2022-38076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38076"
    },
    {
      "name": "CVE-2023-27391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27391"
    },
    {
      "name": "CVE-2022-37336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37336"
    },
    {
      "name": "CVE-2023-28385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28385"
    },
    {
      "name": "CVE-2023-25944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25944"
    },
    {
      "name": "CVE-2023-29500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29500"
    },
    {
      "name": "CVE-2023-22841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22841"
    },
    {
      "name": "CVE-2022-38102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38102"
    },
    {
      "name": "CVE-2023-22444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22444"
    },
    {
      "name": "CVE-2023-32609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32609"
    },
    {
      "name": "CVE-2023-28938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28938"
    },
    {
      "name": "CVE-2023-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28711"
    },
    {
      "name": "CVE-2023-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28714"
    },
    {
      "name": "CVE-2023-22276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22276"
    },
    {
      "name": "CVE-2023-33867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33867"
    },
    {
      "name": "CVE-2022-29871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29871"
    },
    {
      "name": "CVE-2022-40982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
    },
    {
      "name": "CVE-2022-29887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29887"
    },
    {
      "name": "CVE-2023-32656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32656"
    },
    {
      "name": "CVE-2023-22449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22449"
    },
    {
      "name": "CVE-2023-25757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25757"
    },
    {
      "name": "CVE-2023-25182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25182"
    },
    {
      "name": "CVE-2022-29470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29470"
    },
    {
      "name": "CVE-2023-29494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29494"
    },
    {
      "name": "CVE-2023-28380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28380"
    },
    {
      "name": "CVE-2022-41984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41984"
    },
    {
      "name": "CVE-2023-22840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22840"
    },
    {
      "name": "CVE-2022-40964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40964"
    },
    {
      "name": "CVE-2023-34355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34355"
    },
    {
      "name": "CVE-2022-38973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38973"
    },
    {
      "name": "CVE-2022-34657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34657"
    },
    {
      "name": "CVE-2023-29151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29151"
    },
    {
      "name": "CVE-2022-43505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43505"
    },
    {
      "name": "CVE-2022-36351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36351"
    },
    {
      "name": "CVE-2023-34438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34438"
    },
    {
      "name": "CVE-2023-28405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28405"
    },
    {
      "name": "CVE-2023-34427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34427"
    },
    {
      "name": "CVE-2023-32663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32663"
    },
    {
      "name": "CVE-2022-41804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41804"
    },
    {
      "name": "CVE-2022-45112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45112"
    },
    {
      "name": "CVE-2023-27505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27505"
    },
    {
      "name": "CVE-2023-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33877"
    },
    {
      "name": "CVE-2023-22330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22330"
    },
    {
      "name": "CVE-2023-27887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27887"
    },
    {
      "name": "CVE-2022-43456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43456"
    },
    {
      "name": "CVE-2023-32285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32285"
    },
    {
      "name": "CVE-2022-46329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
    },
    {
      "name": "CVE-2023-32543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32543"
    },
    {
      "name": "CVE-2023-34349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34349"
    },
    {
      "name": "CVE-2023-22338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22338"
    },
    {
      "name": "CVE-2023-26587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26587"
    },
    {
      "name": "CVE-2023-30760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30760"
    },
    {
      "name": "CVE-2022-44612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44612"
    },
    {
      "name": "CVE-2023-25775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
    },
    {
      "name": "CVE-2022-27879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27879"
    },
    {
      "name": "CVE-2022-25864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25864"
    },
    {
      "name": "CVE-2023-23908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23908"
    },
    {
      "name": "CVE-2022-38083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38083"
    }
  ],
  "initial_release_date": "2023-08-09T00:00:00",
  "last_revision_date": "2023-08-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0640",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00846 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00844 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00897 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00893 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00899 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00828 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00813 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00912 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00859 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00932 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00812 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00892 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00934 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00795 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00938 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00826 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00862 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00818 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00836 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00840 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00873 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00742 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00794 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00766 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00879 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00905 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00837 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00783 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00830 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00842 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00877 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00848 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00829 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00917 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00946 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00800 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00890 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00850 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00849 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00868 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00878 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00907 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00690 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00875 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00872 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00835 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html"
    }
  ]
}

gsd-2022-29887

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Aliases

CVE-2022-29887

Aliases

CVE-2022-29887

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-29887",
    "id": "GSD-2022-29887"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-29887"
      ],
      "details": "Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
      "id": "GSD-2022-29887",
      "modified": "2023-12-13T01:19:42.081848Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2022-29887",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) Manageability Commander software",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "before version 2.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "escalation of privilege"
              },
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "Cross-site Scripting (XSS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html",
            "refsource": "MISC",
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:manageability_commander:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2022-29887"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2023-08-16T20:35Z",
      "publishedDate": "2023-08-11T03:15Z"
    }
  }
}

fkie_cve-2022-29887

Vulnerability from fkie_nvd

Published

2023-08-11 03:15

Modified

2024-11-21 06:59

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

References

	URL	Tags
	secure@intel.com	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	manageability_commander	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:manageability_commander:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F66CDA13-93CB-4EC2-99AA-227177DD7365",
              "versionEndExcluding": "2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
    },
    {
      "lang": "es",
      "value": "Cross-site Scripting (XSS) en algunos Intel(R) Manageability Commander software antes de la versi\u00f3n 2.3 puede permitir que un usuario no autenticado potencialmente habilite la escalada de privilegios a trav\u00e9s de acceso a la red."
    }
  ],
  "id": "CVE-2022-29887",
  "lastModified": "2024-11-21T06:59:54.570",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "secure@intel.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-11T03:15:12.437",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "secure@intel.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-jx65-p7rw-vj3x

Vulnerability from github

Published

2023-08-11 03:30

Modified

2024-04-04 06:49

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-29887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-11T03:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
  "id": "GHSA-jx65-p7rw-vj3x",
  "modified": "2024-04-04T06:49:32Z",
  "published": "2023-08-11T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29887"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-29887 (GCVE-0-2022-29887)

Vulnerability from cvelistv5

CERTFR-2023-AVI-0640

Vulnerability from certfr_avis

Solution

gsd-2022-29887

Vulnerability from gsd

fkie_cve-2022-29887

Vulnerability from fkie_nvd

ghsa-jx65-p7rw-vj3x

Vulnerability from github

Tags

Sightings

Nomenclature