CVE-2022-46303 Vulnerability Details

  /     /     /  

CVE-2022-46303 Metadata Quick Info

CVE Published: 20/02/2023 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: Tribe29 | Vendor: Tribe29 | Product: Checkmk
Status : PUBLISHED

CVE-2022-46303 Description

Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application\'s local permissions.

Metrics

CVSS Version: 3.1 | Base Score: 8 HIGH
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-20
CWE Name: CWE-20 Improper Input Validation
Source: Tribe29

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-88
CAPEC Description: CAPEC-88 OS Command Injection


Source: NVD (National Vulnerability Database).