Vulnerability Details CVE-2022-46478
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-46478
-
cpe:2.3:a:datax-web_project:datax-web:1.0.0
-
cpe:2.3:a:datax-web_project:datax-web:2.0.0
-
cpe:2.3:a:datax-web_project:datax-web:2.0.1
-
cpe:2.3:a:datax-web_project:datax-web:2.1.0
-
cpe:2.3:a:datax-web_project:datax-web:2.1.1
-
cpe:2.3:a:datax-web_project:datax-web:2.1.2