CVE-2022-43712

Published: Jul 26, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965.

Affected (1)

Products: Gxsoftware: Xperiencentral

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gxsoftware Xperiencentral	Up to 10.36.0

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://service.gxsoftware.com/hc/en-us/articles/4717373636381-Vulnerability-in-Spring-core-Spring4Shell-

Source: cve@mitre.org

Vendor Advisory

https://service.gxsoftware.com/hc/nl/articles/12208173122461

Source: cve@mitre.org

Vendor Advisory

https://service.gxsoftware.com/hc/en-us/articles/4717373636381-Vulnerability-in-Spring-core-Spring4Shell-

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://service.gxsoftware.com/hc/nl/articles/12208173122461

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.