CVE-2022-39821

{"id": "CVE-2022-39821", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-09-13T21:15:10.077", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem."}, {"lang": "es", "value": "En el NOKIA 1350 OMS R14.2, se produce una vulnerabilidad de inserci\u00f3n de informaci\u00f3n sensible en un archivo de registro de la aplicaci\u00f3n. La aplicaci\u00f3n web almacena informaci\u00f3n cr\u00edtica, como credenciales de usuario en texto claro, en archivos legibles por el mundo en el sistema de archivos"}], "lastModified": "2022-10-01T02:29:06.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nokia:1350_optical_management_system:14.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDCBC1A5-9ECC-46DC-921E-26A429465151"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}