CVE-2022-36276 — CRITICAL (9.9)

Vulnerability Description

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.

CVSS Score

9.9

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Tcman	Gim	8.0.1

Related Weaknesses (CWE)

CWE-89

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmaThird Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmaThird Party Advisory

FAQ

What is CVE-2022-36276?

CVE-2022-36276 is a vulnerability with a CVSS score of 9.9 (CRITICAL). TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interac...

How severe is CVE-2022-36276?

CVE-2022-36276 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-36276?

Check the references section above for vendor advisories and patch information. Affected products include: Tcman Gim.