CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-48282

Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0 Following configuration must be true for the vulnerability to be applicable: * Application must written in C# taking arbitrary data from users and serializing data using _t without any validation AND * Application must be running on a Windows host using the full .NET Framework, not .NET Core AND * Application must have domain model class with a property/field explicitly of type System.Object or a collection of type System.Object (against MongoDB best practice) AND * Malicious attacker must have unrestricted insert access to target database to add a _t discriminator."Following configuration must be true for the vulnerability to be applicable

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.2%

CVSS Severity

CVSS v3 Score 6.6

References

Products affected by CVE-2022-48282

Mongodb » C# Driver » Version: 0.11.0.4042

cpe:2.3:a:mongodb:c#_driver:0.11.0.4042
Mongodb » C# Driver » Version: 0.5.0.3940

cpe:2.3:a:mongodb:c#_driver:0.5.0.3940
Mongodb » C# Driver » Version: 0.7.0.3959

cpe:2.3:a:mongodb:c#_driver:0.7.0.3959
Mongodb » C# Driver » Version: 0.9.0.3992

cpe:2.3:a:mongodb:c#_driver:0.9.0.3992
Mongodb » C# Driver » Version: 1.0.0.4098

cpe:2.3:a:mongodb:c#_driver:1.0.0.4098
Mongodb » C# Driver » Version: 1.1.0.4184

cpe:2.3:a:mongodb:c#_driver:1.1.0.4184
Mongodb » C# Driver » Version: 1.10.0

cpe:2.3:a:mongodb:c#_driver:1.10.0
Mongodb » C# Driver » Version: 1.10.1

cpe:2.3:a:mongodb:c#_driver:1.10.1
Mongodb » C# Driver » Version: 1.11.0

cpe:2.3:a:mongodb:c#_driver:1.11.0
Mongodb » C# Driver » Version: 1.2.0.4274

cpe:2.3:a:mongodb:c#_driver:1.2.0.4274
Mongodb » C# Driver » Version: 1.3.0.4309

cpe:2.3:a:mongodb:c#_driver:1.3.0.4309
Mongodb » C# Driver » Version: 1.3.1.4349

cpe:2.3:a:mongodb:c#_driver:1.3.1.4349
Mongodb » C# Driver » Version: 1.4.0.4468

cpe:2.3:a:mongodb:c#_driver:1.4.0.4468
Mongodb » C# Driver » Version: 1.4.1.4490

cpe:2.3:a:mongodb:c#_driver:1.4.1.4490
Mongodb » C# Driver » Version: 1.4.2.4500

cpe:2.3:a:mongodb:c#_driver:1.4.2.4500
Mongodb » C# Driver » Version: 1.5.0.4566

cpe:2.3:a:mongodb:c#_driver:1.5.0.4566
Mongodb » C# Driver » Version: 1.6.0

cpe:2.3:a:mongodb:c#_driver:1.6.0
Mongodb » C# Driver » Version: 1.6.0.4624

cpe:2.3:a:mongodb:c#_driver:1.6.0.4624
Mongodb » C# Driver » Version: 1.6.1.4678

cpe:2.3:a:mongodb:c#_driver:1.6.1.4678
Mongodb » C# Driver » Version: 1.7.0.4714

cpe:2.3:a:mongodb:c#_driver:1.7.0.4714
Mongodb » C# Driver » Version: 1.7.1.4791

cpe:2.3:a:mongodb:c#_driver:1.7.1.4791
Mongodb » C# Driver » Version: 1.8.0.124

cpe:2.3:a:mongodb:c#_driver:1.8.0.124
Mongodb » C# Driver » Version: 1.8.1.20

cpe:2.3:a:mongodb:c#_driver:1.8.1.20
Mongodb » C# Driver » Version: 1.8.2.34

cpe:2.3:a:mongodb:c#_driver:1.8.2.34
Mongodb » C# Driver » Version: 1.8.3.9

cpe:2.3:a:mongodb:c#_driver:1.8.3.9
Mongodb » C# Driver » Version: 1.9.0

cpe:2.3:a:mongodb:c#_driver:1.9.0
Mongodb » C# Driver » Version: 1.9.1

cpe:2.3:a:mongodb:c#_driver:1.9.1
Mongodb » C# Driver » Version: 1.9.2

cpe:2.3:a:mongodb:c#_driver:1.9.2
Mongodb » C# Driver » Version: 2.0.0

cpe:2.3:a:mongodb:c#_driver:2.0.0
Mongodb » C# Driver » Version: 2.0.1

cpe:2.3:a:mongodb:c#_driver:2.0.1
Mongodb » C# Driver » Version: 2.0.2

cpe:2.3:a:mongodb:c#_driver:2.0.2
Mongodb » C# Driver » Version: 2.1.0

cpe:2.3:a:mongodb:c#_driver:2.1.0
Mongodb » C# Driver » Version: 2.1.1

cpe:2.3:a:mongodb:c#_driver:2.1.1
Mongodb » C# Driver » Version: 2.10.0

cpe:2.3:a:mongodb:c#_driver:2.10.0
Mongodb » C# Driver » Version: 2.10.1

cpe:2.3:a:mongodb:c#_driver:2.10.1
Mongodb » C# Driver » Version: 2.10.2

cpe:2.3:a:mongodb:c#_driver:2.10.2
Mongodb » C# Driver » Version: 2.10.3

cpe:2.3:a:mongodb:c#_driver:2.10.3
Mongodb » C# Driver » Version: 2.10.4

cpe:2.3:a:mongodb:c#_driver:2.10.4
Mongodb » C# Driver » Version: 2.11.0

cpe:2.3:a:mongodb:c#_driver:2.11.0
Mongodb » C# Driver » Version: 2.11.1

cpe:2.3:a:mongodb:c#_driver:2.11.1
Mongodb » C# Driver » Version: 2.11.2

cpe:2.3:a:mongodb:c#_driver:2.11.2
Mongodb » C# Driver » Version: 2.11.3

cpe:2.3:a:mongodb:c#_driver:2.11.3
Mongodb » C# Driver » Version: 2.11.4

cpe:2.3:a:mongodb:c#_driver:2.11.4
Mongodb » C# Driver » Version: 2.11.5

cpe:2.3:a:mongodb:c#_driver:2.11.5
Mongodb » C# Driver » Version: 2.11.6

cpe:2.3:a:mongodb:c#_driver:2.11.6
Mongodb » C# Driver » Version: 2.12.0

cpe:2.3:a:mongodb:c#_driver:2.12.0
Mongodb » C# Driver » Version: 2.12.1

cpe:2.3:a:mongodb:c#_driver:2.12.1
Mongodb » C# Driver » Version: 2.12.2

cpe:2.3:a:mongodb:c#_driver:2.12.2
Mongodb » C# Driver » Version: 2.12.3

cpe:2.3:a:mongodb:c#_driver:2.12.3
Mongodb » C# Driver » Version: 2.13.0

cpe:2.3:a:mongodb:c#_driver:2.13.0
Mongodb » C# Driver » Version: 2.13.1

cpe:2.3:a:mongodb:c#_driver:2.13.1
Mongodb » C# Driver » Version: 2.13.2

cpe:2.3:a:mongodb:c#_driver:2.13.2
Mongodb » C# Driver » Version: 2.13.3

cpe:2.3:a:mongodb:c#_driver:2.13.3
Mongodb » C# Driver » Version: 2.14.0

cpe:2.3:a:mongodb:c#_driver:2.14.0
Mongodb » C# Driver » Version: 2.14.1

cpe:2.3:a:mongodb:c#_driver:2.14.1
Mongodb » C# Driver » Version: 2.15.0

cpe:2.3:a:mongodb:c#_driver:2.15.0
Mongodb » C# Driver » Version: 2.15.1

cpe:2.3:a:mongodb:c#_driver:2.15.1
Mongodb » C# Driver » Version: 2.16.0

cpe:2.3:a:mongodb:c#_driver:2.16.0
Mongodb » C# Driver » Version: 2.16.1

cpe:2.3:a:mongodb:c#_driver:2.16.1
Mongodb » C# Driver » Version: 2.17.0

cpe:2.3:a:mongodb:c#_driver:2.17.0
Mongodb » C# Driver » Version: 2.17.1

cpe:2.3:a:mongodb:c#_driver:2.17.1
Mongodb » C# Driver » Version: 2.18.0

cpe:2.3:a:mongodb:c#_driver:2.18.0
Mongodb » C# Driver » Version: 2.2.0

cpe:2.3:a:mongodb:c#_driver:2.2.0
Mongodb » C# Driver » Version: 2.2.1

cpe:2.3:a:mongodb:c#_driver:2.2.1
Mongodb » C# Driver » Version: 2.2.2

cpe:2.3:a:mongodb:c#_driver:2.2.2
Mongodb » C# Driver » Version: 2.2.3

cpe:2.3:a:mongodb:c#_driver:2.2.3
Mongodb » C# Driver » Version: 2.2.4

cpe:2.3:a:mongodb:c#_driver:2.2.4
Mongodb » C# Driver » Version: 2.3.0

cpe:2.3:a:mongodb:c#_driver:2.3.0
Mongodb » C# Driver » Version: 2.4.0

cpe:2.3:a:mongodb:c#_driver:2.4.0
Mongodb » C# Driver » Version: 2.4.1

cpe:2.3:a:mongodb:c#_driver:2.4.1
Mongodb » C# Driver » Version: 2.4.2

cpe:2.3:a:mongodb:c#_driver:2.4.2
Mongodb » C# Driver » Version: 2.4.3

cpe:2.3:a:mongodb:c#_driver:2.4.3
Mongodb » C# Driver » Version: 2.4.4

cpe:2.3:a:mongodb:c#_driver:2.4.4
Mongodb » C# Driver » Version: 2.5.0

cpe:2.3:a:mongodb:c#_driver:2.5.0
Mongodb » C# Driver » Version: 2.5.1

cpe:2.3:a:mongodb:c#_driver:2.5.1
Mongodb » C# Driver » Version: 2.6.0

cpe:2.3:a:mongodb:c#_driver:2.6.0
Mongodb » C# Driver » Version: 2.6.1

cpe:2.3:a:mongodb:c#_driver:2.6.1
Mongodb » C# Driver » Version: 2.7.0

cpe:2.3:a:mongodb:c#_driver:2.7.0
Mongodb » C# Driver » Version: 2.7.1

cpe:2.3:a:mongodb:c#_driver:2.7.1
Mongodb » C# Driver » Version: 2.7.2

cpe:2.3:a:mongodb:c#_driver:2.7.2
Mongodb » C# Driver » Version: 2.7.3

cpe:2.3:a:mongodb:c#_driver:2.7.3
Mongodb » C# Driver » Version: 2.8.0

cpe:2.3:a:mongodb:c#_driver:2.8.0
Mongodb » C# Driver » Version: 2.8.1

cpe:2.3:a:mongodb:c#_driver:2.8.1
Mongodb » C# Driver » Version: 2.9.0

cpe:2.3:a:mongodb:c#_driver:2.9.0
Mongodb » C# Driver » Version: 2.9.1

cpe:2.3:a:mongodb:c#_driver:2.9.1
Mongodb » C# Driver » Version: 2.9.2

cpe:2.3:a:mongodb:c#_driver:2.9.2
Mongodb » C# Driver » Version: 2.9.3

cpe:2.3:a:mongodb:c#_driver:2.9.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-48282

Products

Pricing

Contact Us