{"containers": {"cna": {"affected": [{"product": "Ivanti Incapptic Connect", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in version 1.40.1"}]}], "descriptions": [{"lang": "en", "value": "A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-04T16:15:00.000Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://forums.ivanti.com/s/article/SA-2022-02-23?language=en_US"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2022-21828", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ivanti Incapptic Connect", "version": {"version_data": [{"version_value": "Fixed in version 1.40.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Deserialization of Untrusted Data (CWE-502)"}]}]}, "references": {"reference_data": [{"name": "https://forums.ivanti.com/s/article/SA-2022-02-23?language=en_US", "refsource": "MISC", "url": "https://forums.ivanti.com/s/article/SA-2022-02-23?language=en_US"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:36.277Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://forums.ivanti.com/s/article/SA-2022-02-23?language=en_US"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-21828", "datePublished": "2022-03-04T16:15:00.000Z", "dateReserved": "2021-12-10T00:00:00.000Z", "dateUpdated": "2024-08-03T02:53:36.277Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.35.3:*:*:*:*:*:*:*", "matchCriteriaId": "84D66A38-99B0-4D11-B537-1365427A2B8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.35.4:*:*:*:*:*:*:*", "matchCriteriaId": "7620D67A-3F0A-47B5-9A8E-ABB74F5811B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.35.5:*:*:*:*:*:*:*", "matchCriteriaId": "664E657A-47AB-47EA-B123-DE8FB27F3324", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2769912-EE72-4F82-A965-38FB85D249D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "A62F84DF-87AE-4747-8BC5-13DDF5D304F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.37.1:*:*:*:*:*:*:*", "matchCriteriaId": "32126789-6BF1-4FC0-B419-0E9978F5C646", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.38.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5943C9D-5329-45EF-AF66-59AD34D157B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.38.1:*:*:*:*:*:*:*", "matchCriteriaId": "B30CC96E-0351-47A2-A076-9BDA9D41298F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "55A30D9B-927D-4F0B-B6CC-A9BF07150381", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.39.1:*:*:*:*:*:*:*", "matchCriteriaId": "37C09E2C-4859-4A4B-A136-8CC46376CF3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:incapptic_connect:1.40.0:*:*:*:*:*:*:*", "matchCriteriaId": "D46B01F3-E9AE-4C2A-AD8D-28FFF049F7AE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3."}, {"lang": "es", "value": "Un usuario con acceso de alto privilegio a la consola web de Incapptic Connect puede ejecutar c\u00f3digo de forma remota en el servidor de Incapptic Connect usando un vector de ataque no especificado en las versiones de Incapptic Connect versiones 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 y 1.35.3"}], "id": "CVE-2022-21828", "lastModified": "2024-11-21T06:45:31.007", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-04T17:15:07.897", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://forums.ivanti.com/s/article/SA-2022-02-23?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://forums.ivanti.com/s/article/SA-2022-02-23?language=en_US"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}