Details of VAR-202302-1616

ID

VAR-202302-1616

CVE

CVE-2022-27234

TITLE

Intel's computer vision annotation tool Server-side request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020114

DESCRIPTION

Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access. Intel's computer vision annotation tool Contains a server-side request forgery vulnerability.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-27234 // JVNDB: JVNDB-2022-020114 // VULHUB: VHN-419869 // VULMON: CVE-2022-27234

AFFECTED PRODUCTS

vendor:	intel	model:	computer vision annotation tool	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	インテル	model:	computer vision annotation tool	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	computer vision annotation tool	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	computer vision annotation tool	scope:	eq	version:	2.0.1	Trust: 0.8

sources: JVNDB: JVNDB-2022-020114 // NVD: CVE-2022-27234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-27234
value:	MEDIUM
Trust: 1.0
secure@intel.com:	CVE-2022-27234
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-27234
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202302-1481
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-27234
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-27234
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-27234
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020114 // CNNVD: CNNVD-202302-1481 // NVD: CVE-2022-27234 // NVD: CVE-2022-27234

PROBLEMTYPE DATA

problemtype:	CWE-918	Trust: 1.1
problemtype:	Server-side request forgery (CWE-918) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-419869 // JVNDB: JVNDB-2022-020114 // NVD: CVE-2022-27234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1481

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1481

PATCH

title:

Intel CVAT Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=227791

Trust: 0.6

sources: CNNVD: CNNVD-202302-1481

EXTERNAL IDS

db:	NVD	id:	CVE-2022-27234	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-020114	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1481	Trust: 0.6
db:	VULHUB	id:	VHN-419869	Trust: 0.1
db:	VULMON	id:	CVE-2022-27234	Trust: 0.1

sources: VULHUB: VHN-419869 // VULMON: CVE-2022-27234 // JVNDB: JVNDB-2022-020114 // CNNVD: CNNVD-202302-1481 // NVD: CVE-2022-27234

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00762.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-27234	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-27234/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-419869 // VULMON: CVE-2022-27234 // JVNDB: JVNDB-2022-020114 // CNNVD: CNNVD-202302-1481 // NVD: CVE-2022-27234

SOURCES

db:	VULHUB	id:	VHN-419869
db:	VULMON	id:	CVE-2022-27234
db:	JVNDB	id:	JVNDB-2022-020114
db:	CNNVD	id:	CNNVD-202302-1481
db:	NVD	id:	CVE-2022-27234

LAST UPDATE DATE

2024-08-14T13:16:38.168000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419869	date:	2023-03-06T00:00:00
db:	VULMON	id:	CVE-2022-27234	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-020114	date:	2023-10-31T06:21:00
db:	CNNVD	id:	CNNVD-202302-1481	date:	2023-03-07T00:00:00
db:	NVD	id:	CVE-2022-27234	date:	2023-03-06T17:21:50.943

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419869	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-27234	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-020114	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202302-1481	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-27234	date:	2023-02-16T21:15:11.603