CVE-2022-3217

{"id": "CVE-2022-3217", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-09-16T22:15:12.247", "references": [{"url": "https://www.tenable.com/security/research/tra-2022-31", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials."}, {"lang": "es", "value": "Cuando es iniciada la sesi\u00f3n en un proyecto de tiempo de ejecuci\u00f3n VBASE por medio de Web-Remote, el producto usa XOR con una clave inicial est\u00e1tica para ofuscar los mensajes de inicio de sesi\u00f3n. Un atacante remoto no autenticado con la capacidad de capturar una sesi\u00f3n de inicio de sesi\u00f3n puede obtener las credenciales de inicio de sesi\u00f3n"}], "lastModified": "2022-09-21T13:21:37.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:visam:vbase:11.7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E08BCC8-EE4B-4DF3-A1A8-8CA5AB5B16AB"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}