CVE-2022-26111

HIGH

8.8

Description

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie4/25/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

canon:irisnext

Faiblesses (CWE)

CWE-917

References

https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf(cve@mitre.org)

https://varsnext.iriscorporate.com/(cve@mitre.org)

https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://varsnext.iriscorporate.com/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.