CVE Published: 18/10/2022 |
CVE Updated: 16/09/2024 |
CVE Year: 2022 Source: twcert |
Vendor: Changing Information Technology Inc. |
Product: RAVA certificate validation system Status : PUBLISHED
CVE-2022-39055 Description
RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response.
Metrics
CVSS Version: 3.1 |
Base Score: 5.3 MEDIUM Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N