{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-45876", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-12-21T17:02:52.817Z", "datePublished": "2023-04-26T21:07:31.302Z", "dateUpdated": "2024-08-03T14:24:03.202Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VBASE", "vendor": "VISAM", "versions": [{"lessThan": "11.7.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Kimiya, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."}], "datePublic": "2023-03-21T21:05:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.</p>"}], "value": "Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-04-26T21:07:31.302Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05"}, {"url": "https://www.visam.com/kontakt.php"}, {"url": "https://www.vbase.net/en/download.php"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nVISAM recommends users update to VBASE 11.7.5 or later. The update can \nbe performed via the VBASE Editor update dialog on machines with secure \naccess to the internet. &nbsp;Users of machines without internet access must \nmanually update by submitting a <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.vbase.net/en/download.php\">request form</a>&nbsp;<span style=\"background-color: var(--wht);\">&nbsp;to receive a download link.</span><p>For more information, users should contact VISAM using the information provided on their <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.visam.com/kontakt.php\">contact page</a>&nbsp;<span style=\"background-color: var(--wht);\">&nbsp;(German language).</span></p>"}], "value": "VISAM recommends users update to VBASE 11.7.5 or later. The update can \nbe performed via the VBASE Editor update dialog on machines with secure \naccess to the internet. \u00a0Users of machines without internet access must \nmanually update by submitting a request form https://www.vbase.net/en/download.php \u00a0\u00a0to receive a download link.For more information, users should contact VISAM using the information provided on their contact page https://www.visam.com/kontakt.php \u00a0\u00a0(German language).\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "CVE-2022-45876", "x_generator": {"engine": "VINCE 2.0.7", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2022-45468"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:03.202Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05", "tags": ["x_transferred"]}, {"url": "https://www.visam.com/kontakt.php", "tags": ["x_transferred"]}, {"url": "https://www.vbase.net/en/download.php", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:visam:vbase:*:*:*:*:*:*:*:*", "matchCriteriaId": "66698568-7086-4708-B7C9-69AAAA8104DC", "versionEndExcluding": "11.7.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\n"}], "id": "CVE-2022-45876", "lastModified": "2023-05-05T20:13:57.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-26T22:15:08.737", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://www.vbase.net/en/download.php"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://www.visam.com/kontakt.php"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}