{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-36369", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2022-08-02T03:00:25.369Z", "datePublished": "2023-02-16T20:00:28.740Z", "dateUpdated": "2024-08-03T10:00:04.317Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-02-16T20:00:28.740Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}]}], "affected": [{"vendor": "n/a", "product": "QATzip software maintained by Intel(R)", "versions": [{"version": "before version 1.0.9", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access."}], "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.317Z"}, "title": "CVE Program Container", "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:qatzip:*:*:*:*:*:*:*:*", "matchCriteriaId": "69950371-A78E-4141-9FD3-00B938E3E422", "versionEndExcluding": "1.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access."}], "id": "CVE-2022-36369", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2023-02-16T21:15:13.280", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2022:7667", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "qatzip-0:1.0.9-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2023:3397", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "qatzip-0:1.1.2-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-05-31T00:00:00Z"}, {"advisory": "RHBA-2022:8256", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "qatzip-0:1.0.9-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2023:1976", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "qatzip-0:1.1.2-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-04-25T00:00:00Z"}], "bugzilla": {"description": "qatzip: local privilege escalation", "id": "2170784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170784"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-284", "details": ["Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.", "A potential flaw was found in QATzip. This vulnerability may allow escalation of privileges."], "name": "CVE-2022-36369", "public_date": "2023-02-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-36369\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36369\nhttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html"], "threat_severity": "Important", "upstream_fix": "qatzip 1.0.9"}