Vulnerability Details CVE-2022-23320
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://xmpie.com
- https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29
- https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/
- https://www.xmpie.com/ustore-release-notes/
- http://xmpie.com
- https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29
- https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/
- https://www.xmpie.com/ustore-release-notes/
Products affected by CVE-2022-23320
-
cpe:2.3:a:xerox:xmpie_ustore:12.3.7244.0