{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45338", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-21T14:36:55.681Z", "dateReserved": "2022-11-14T00:00:00.000Z", "datePublished": "2022-12-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:56.938Z"}, "title": "CVE Program Container", "references": [{"url": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T14:36:21.396527Z", "id": "CVE-2022-45338", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T14:36:55.681Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:56.938Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-45338", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-21T14:36:21.396527Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T14:36:49.695Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272"}], "descriptions": [{"lang": "en", "value": "An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-15T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-45338", "state": "PUBLISHED", "dateUpdated": "2025-04-21T14:36:55.681Z", "dateReserved": "2022-11-14T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-12-15T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:-:*:*:enterprise:*:*:*", "matchCriteriaId": "6BA9DEEE-EDE4-4B1A-8DB9-9E96CCA42489", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp1:*:*:enterprise:*:*:*", "matchCriteriaId": "B8F09D5D-C529-496B-ADB1-123C5A66AFB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp10:*:*:enterprise:*:*:*", "matchCriteriaId": "ABC81240-9458-4624-A4C1-2CB8C665E969", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp11:*:*:enterprise:*:*:*", "matchCriteriaId": "EDA14DD6-A17B-43FE-BA45-290A86418210", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp12:*:*:enterprise:*:*:*", "matchCriteriaId": "DD5E6FA6-C252-4078-AE10-CABBDDDFDF9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp2:*:*:enterprise:*:*:*", "matchCriteriaId": "3B33AF72-27CE-4C6A-A5C0-5ACB4B043E54", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp3:*:*:enterprise:*:*:*", "matchCriteriaId": "581CA5AA-E6AB-4693-A01B-23B6BD79CA6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp4:*:*:enterprise:*:*:*", "matchCriteriaId": "EE3AE6F3-4BB4-4BF1-8FBA-2FEE539F81FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp5:*:*:enterprise:*:*:*", "matchCriteriaId": "046D0970-3A43-49ED-AFFD-DADECA360E20", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp6:*:*:enterprise:*:*:*", "matchCriteriaId": "578F3276-2E44-4113-A00C-92486630438E", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp7:*:*:enterprise:*:*:*", "matchCriteriaId": "1287BF67-6237-4883-A05E-7A227DFCD686", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp8:*:*:enterprise:*:*:*", "matchCriteriaId": "DBD1500E-CEAC-4894-9ED1-F884D174FB70", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:267:sp9:*:*:enterprise:*:*:*", "matchCriteriaId": "9D704BBC-1AA2-46DD-8E3E-FD1720032948", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:-:*:*:enterprise:*:*:*", "matchCriteriaId": "C1ABB366-F082-4F82-A498-51AFA46D3EE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp1:*:*:enterprise:*:*:*", "matchCriteriaId": "3AEFEF28-980E-4716-8649-4D379C637BC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp2:*:*:enterprise:*:*:*", "matchCriteriaId": "CA664DB4-D7F1-4B55-97CB-B20AD6BDB78F", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp3:*:*:enterprise:*:*:*", "matchCriteriaId": "AF9E5DB4-1DBC-4619-BDB9-2E519E3103EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp4:*:*:enterprise:*:*:*", "matchCriteriaId": "986FA7D8-EA82-4A33-93E2-47EEBD1257DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:exactsoftware:exact_synergy:500:sp5:*:*:enterprise:*:*:*", "matchCriteriaId": "BB8D464E-7A36-456A-8C3D-D077B3F62DD2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file."}, {"lang": "es", "value": "Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n de carga de im\u00e1genes de perfil de Exact Synergy Enterprise 267 anterior a 267SP13 y Exact Synergy Enterprise 500 anterior a 500SP6 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SVG dise\u00f1ado."}], "id": "CVE-2022-45338", "lastModified": "2025-04-21T15:15:55.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-15T23:15:10.407", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}