CVE Vulnerability

CVE-2022-29950

** DISPUTED ** Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gist.github.com/Voidager88/73c2d512a72cceb0ef84dbf87a497d10 Exploit Third Party Advisory
https://www.experian.in/hunter Product Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:experian:hunter:1.16:*:*:*:*:*:*:*
Information

Published : 2022-05-04 03:15

Updated : 2022-10-06 04:03

NVD link : CVE-2022-29950

Mitre link : CVE-2022-29950

Products Affected
No products.
CWE
NVD-CWE-noinfo