CVE-2022-34002 - Vulnerability Details - OpenCVE

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pdssoftware	Pds Vista 7

Configuration 1 [-]

cpe:2.3:a:pdssoftware:pds_vista_7:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion
https://assurainc.com

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-16T01:55:07

Updated: 2024-08-03T08:16:16.124Z

Reserved: 2022-06-19T00:00:00

Link: CVE-2022-34002

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-16T02:15:09.270

Modified: 2024-11-21T07:08:45.570

Link: CVE-2022-34002

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The \u2018document\u2019 parameter of PDS Vista 7\u2019s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T01:55:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://assurainc.com"}, {"tags": ["x_refsource_MISC"], "url": "https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-34002", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \u2018document\u2019 parameter of PDS Vista 7\u2019s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://assurainc.com", "refsource": "MISC", "url": "https://assurainc.com"}, {"name": "https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion", "refsource": "MISC", "url": "https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:16.124Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://assurainc.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-34002", "datePublished": "2022-09-16T01:55:07", "dateReserved": "2022-06-19T00:00:00", "dateUpdated": "2024-08-03T08:16:16.124Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pdssoftware:pds_vista_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "471A128C-3114-4606-9156-4A50D33F4DF0", "versionEndExcluding": "7.1.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The \u2018document\u2019 parameter of PDS Vista 7\u2019s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application."}, {"lang": "es", "value": "El par\u00e1metro \"document\" de la p\u00e1gina /application/documents/display.aspx de PDS Vista versi\u00f3n 7 es susceptible a una vulnerabilidad de inclusi\u00f3n de archivos locales que permite a un atacante autenticado poco privilegiado filtrar los archivos de configuraci\u00f3n y el c\u00f3digo fuente de la aplicaci\u00f3n web"}], "id": "CVE-2022-34002", "lastModified": "2024-11-21T07:08:45.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-16T02:15:09.270", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://assurainc.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://assura.atlassian.net/wiki/spaces/VULNS/pages/1843134469/CVE-2022-34002+Personnel+Data+Systems+PDS+Vista+7+-+Local+File+Inclusion"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://assurainc.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}