CVE-2022-40184 — MEDIUM (5.1)

Q: How severe is CVE-2022-40184?

CVE-2022-40184 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-40184?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Videojet Multi 4000 Firmware, Bosch Videojet Multi 4000.

Vulnerability Description

Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option.

CVSS Score

5.1

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Bosch	Videojet Multi 4000 Firmware	<= 6.31.0010
Bosch	Videojet Multi 4000	-

Related Weaknesses (CWE)

CWE-79

References

https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.htmlPatchVendor Advisory
https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.htmlPatchVendor Advisory

FAQ

What is CVE-2022-40184?

CVE-2022-40184 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript c...

How severe is CVE-2022-40184?

CVE-2022-40184 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-40184?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Videojet Multi 4000 Firmware, Bosch Videojet Multi 4000.