CVE-2022-23320

EUVD-2022-28402
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
xeroxxmpie_ustore
12.3.7244.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://xmpie.com
https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29
https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/
https://www.xmpie.com/ustore-release-notes/
http://xmpie.com
https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29
https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/
https://www.xmpie.com/ustore-release-notes/