CVE-2022-26111

HIGH

8.8

Descricao

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.

Detalhes CVE

Pontuacao CVSS v3.18.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado4/25/2022

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

canon:irisnext

Fraquezas (CWE)

CWE-917

Referencias

https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf(cve@mitre.org)

https://varsnext.iriscorporate.com/(cve@mitre.org)

https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://varsnext.iriscorporate.com/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.