CVE-2022-0757 - Vulnerability Details - OpenCVE

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00156.

Key SSVC decision points have not yet been added.

Vendors	Products
Rapid7	Nexpose

Configuration 1 [-]

cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-15820	Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.rapid7.com/release-notes/nexpose/20220302/

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2022-03-17T22:30:18.220701Z

Updated: 2024-09-16T17:48:14.153Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-0757

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-17T23:15:07.610

Modified: 2024-11-21T06:39:20.110

Link: CVE-2022-0757

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Nexpose", "vendor": "Rapid7", "versions": [{"lessThan": "6.6.93", "status": "affected", "version": "6.6.93", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Aleksey Solovev"}], "datePublic": "2022-03-02T00:00:00", "descriptions": [{"lang": "en", "value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-04T14:35:09", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"}], "source": {"discovery": "UNKNOWN"}, "title": "Rapid7 Nexpose SQL Injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2022-03-02T00:00:00.000Z", "ID": "CVE-2022-0757", "STATE": "PUBLIC", "TITLE": "Rapid7 Nexpose SQL Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Nexpose", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "6.6.93", "version_value": "6.6.93"}]}}]}, "vendor_name": "Rapid7"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Aleksey Solovev"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://docs.rapid7.com/release-notes/nexpose/20220302/", "refsource": "CONFIRM", "url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "UNKNOWN"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:40:03.752Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2022-0757", "datePublished": "2022-03-17T22:30:18.220701Z", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2024-09-16T17:48:14.153Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6486C49-C857-420B-A0BA-E029CE123933", "versionEndIncluding": "6.6.93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."}, {"lang": "es", "value": "Las versiones 6.6.93 y anteriores de Rapid7 Nexpose son susceptibles de una vulnerabilidad de inyecci\u00f3n SQL, por la que no se definen operadores de b\u00fasqueda v\u00e1lidos. Esta falta de validaci\u00f3n puede permitir que un atacante autenticado que haya iniciado sesi\u00f3n manipule los operadores \"ANY\" y \"OR\" en los SearchCriteria e inyecte c\u00f3digo SQL. Este problema se ha solucionado en la versi\u00f3n 6.6.129 de Rapid7 Nexpose"}], "id": "CVE-2022-0757", "lastModified": "2024-11-21T06:39:20.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "cve@rapid7.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-17T23:15:07.610", "references": [{"source": "cve@rapid7.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}