CVE-2022-47551 — MEDIUM (6.5)

Q: How severe is CVE-2022-47551?

CVE-2022-47551 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-47551?

Check the references section above for vendor advisories and patch information. Affected products include: Apiman Apiman.

Vulnerability Description

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apiman	Apiman	>= 1.5.7, <= 2.2.3

Related Weaknesses (CWE)

CWE-276

References

https://www.apiman.io/blog/permissions-bypass-disclosure/Vendor Advisory
https://www.github.com/apiman/apimanThird Party Advisory
https://www.apiman.io/blog/permissions-bypass-disclosure/Vendor Advisory
https://www.github.com/apiman/apimanThird Party Advisory

FAQ

What is CVE-2022-47551?

CVE-2022-47551 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large c...

How severe is CVE-2022-47551?

CVE-2022-47551 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-47551?

Check the references section above for vendor advisories and patch information. Affected products include: Apiman Apiman.