Vulnerability Details CVE-2022-40238
A remote code injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject an arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.9%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2022-40238
- cpe:2.3:a:cert:vince:1.48.0
- cpe:2.3:a:cert:vince:1.49.0
- cpe:2.3:a:cert:vince:1.50.0
- cpe:2.3:a:cert:vince:1.50.1
- cpe:2.3:a:cert:vince:1.50.2
- cpe:2.3:a:cert:vince:1.50.3
- cpe:2.3:a:cert:vince:1.50.4