{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-25T14:38:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://varsnext.iriscorporate.com/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-26111", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://varsnext.iriscorporate.com/", "refsource": "MISC", "url": "https://varsnext.iriscorporate.com/"}, {"name": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf", "refsource": "MISC", "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:56:37.823Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://varsnext.iriscorporate.com/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-26111", "datePublished": "2022-04-25T14:38:12", "dateReserved": "2022-02-25T00:00:00", "dateUpdated": "2024-08-03T04:56:37.823Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canon:irisnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "457406A2-793E-41C3-923F-F7C236DF97DE", "versionEndIncluding": "9.8.28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server."}, {"lang": "es", "value": "Los componentes BeanShell de IRISNext versiones hasta 9.8.28, permiten una ejecuci\u00f3n de comandos arbitrarios en el servidor de destino mediante la creaci\u00f3n de una b\u00fasqueda personalizada (o la edici\u00f3n de una b\u00fasqueda existente/predefinida) de los documentos. Los componentes de b\u00fasqueda permiten a\u00f1adir expresiones BeanShell que resultan en una Ejecuci\u00f3n de C\u00f3digo Remota en el contexto del usuario de la aplicaci\u00f3n IRISNext, que es ejecutada en el servidor web"}], "id": "CVE-2022-26111", "lastModified": "2024-11-21T06:53:27.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-25T15:15:49.733", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://varsnext.iriscorporate.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://varsnext.iriscorporate.com/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-917"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}