Vulnerability Description
XMPie uStore 12.3.7244.0 allows administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xerox | XMPie uStore | 12.3.7244.0 |
Related Weaknesses (CWE)
References
- http://xmpie.com (Vendor Advisory)
- https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?comment (Third Party Advisory)
- https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ (Exploit, Third Party Advisory)
- https://www.xmpie.com/ustore-release-notes/ (Release Notes, Vendor Advisory)
FAQ
What is CVE-2022-23320?
CVE-2022-23320 is a vulnerability with a CVSS score of 7.5 (HIGH). XMPie uStore 12.3.7244.0 allows administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into ...
How severe is CVE-2022-23320?
CVE-2022-23320 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-23320?
Check the references section above for vendor advisories and patch information. Affected products include: Xerox XMPie uStore.