CVE-2022-40199

Published Sep 27, 2022

Last updated 2 years ago

CVSS low 2.7

Overview

Description: Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 2.7
Impact score: 1.4
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ec-cube:ec-cube:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CB1CDC4-2EB3-4003-B9C2-A2B0819685C4",
            "versionEndExcluding": "3.0.18",
            "versionStartIncluding": "3.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ec-cube:ec-cube:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8AAB855-540E-4D14-9BDD-AA377E0EB91A",
            "versionEndIncluding": "4.1.2",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ec-cube:ec-cube:3.0.18:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D6A3FBD-7161-461D-B165-E3BCA42BBB2A"
          },
          {
            "criteria": "cpe:2.3:a:ec-cube:ec-cube:3.0.18:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10F6D9C1-B4F3-44D8-B266-787DA62228E2"
          },
          {
            "criteria": "cpe:2.3:a:ec-cube:ec-cube:3.0.18:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B10AA450-F786-4AFD-9F26-9B2E2D57C5C2"
          },
          {
            "criteria": "cpe:2.3:a:ec-cube:ec-cube:3.0.18:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D30A28C-609A-4B6F-B257-7A577133A9FE"
          },
          {
            "criteria": "cpe:2.3:a:ec-cube:ec-cube:3.0.18:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7530D411-D883-48E4-8D3F-6E6AEF7398E8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References