CVE-2022-39817
CVSS V2 None
CVSS V3 High 8.8
Description
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database.
Overview
- CVE ID
- CVE-2022-39817
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2022-09-13T21:15:09
- Last Modified Date
- 2022-10-06T14:17:27
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:nokia:1350_optical_management_system:14.2:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 8.8
- Base Severity
- HIGH
- Exploitability Score
- 2.8
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://www.gruppotim.it/it/footer/red-team.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-39817 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39817 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-09-13 22:00:10 | Added to TrackCVE |