CVE-2022-43581

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.ibm.com/support/pages/node/6844453", "name": "https://www.ibm.com/support/pages/node/6844453", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238805", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238805", "tags": ["VDB Entry", "Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-43581", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2022-12-07T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:content_navigator:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.0.12", "versionStartIncluding": "3.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-10T03:07Z"}