CVE-2022-23862

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://ysoft.com", "name": "https://ysoft.com", "tags": ["Product"], "refsource": ""}, {"url": "https://github.com/mbadanoiu/CVE-2022-23862", "name": "https://github.com/mbadanoiu/CVE-2022-23862", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf", "name": "https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf", "tags": ["Exploit"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the \"NT Authority\\System\" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-306"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-23862", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2024-10-22T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ysoft:safeq:6.0:build53:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-10-30T21:21Z"}