CVE-2022-45171

{"id": "CVE-2022-45171", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-28T20:16:12.573", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en LIVEBOX Collaboration vDesk hasta v018. Se puede realizar una carga sin restricciones de un archivo con un tipo peligroso en la secci\u00f3n del sitio web de vShare. Un usuario remoto, autenticado en el producto, puede cargar arbitrariamente archivos potencialmente peligrosos sin restricciones."}], "lastModified": "2024-07-26T18:20:11.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:liveboxcloud:vdesk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59F30C76-FDF5-4D2E-A3CE-33EAB97AB650", "versionEndIncluding": "018"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}