Details of VAR-202206-1117

ID

VAR-202206-1117

CVE

CVE-2022-23169

TITLE

Amodat Mobile Application Gateway SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-68952 // CNNVD: CNNVD-202206-1170

DESCRIPTION

attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel. amodat of mobile application gateway for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Amodat Mobile Application Gateway is a mobile application gateway of the Israeli company Amodat. Attackers can use this vulnerability to execute illegal SQL commands to steal sensitive database data

Trust: 2.34

sources: NVD: CVE-2022-23169 // JVNDB: JVNDB-2022-012085 // CNVD: CNVD-2022-68952 // VULHUB: VHN-412065 // VULMON: CVE-2022-23169

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-68952

AFFECTED PRODUCTS

vendor:	amodat	model:	mobile application gateway	scope:	lt	version:	7.12.00.09	Trust: 1.6
vendor:	amodat	model:	mobile application gateway	scope:	eq	version:	7.12.00.09	Trust: 0.8
vendor:	amodat	model:	mobile application gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	amodat	model:	mobile application gateway	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2022-68952 // JVNDB: JVNDB-2022-012085 // NVD: CVE-2022-23169

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-23169
value:	HIGH
Trust: 1.0
cna@cyber.gov.il:	CVE-2022-23169
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-23169
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-68952
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202206-1170
value:	HIGH
Trust: 0.6
VULHUB:	VHN-412065
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-23169
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-23169
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-68952
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-412065
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-23169
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
cna@cyber.gov.il:	CVE-2022-23169
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-23169
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-68952 // VULHUB: VHN-412065 // VULMON: CVE-2022-23169 // JVNDB: JVNDB-2022-012085 // CNNVD: CNNVD-202206-1170 // NVD: CVE-2022-23169 // NVD: CVE-2022-23169

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.1
problemtype:	SQL injection (CWE-89) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-412065 // JVNDB: JVNDB-2022-012085 // NVD: CVE-2022-23169

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1170

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202206-1170

PATCH

title:	Patch for Amodat Mobile Application Gateway SQL Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356721	Trust: 0.6
title:	Amodat Mobile Application Gateway SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197643	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: CNVD: CNVD-2022-68952 // VULMON: CVE-2022-23169 // CNNVD: CNNVD-202206-1170

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23169	Trust: 4.0
db:	JVNDB	id:	JVNDB-2022-012085	Trust: 0.8
db:	CNVD	id:	CNVD-2022-68952	Trust: 0.7
db:	CNNVD	id:	CNNVD-202206-1170	Trust: 0.7
db:	VULHUB	id:	VHN-412065	Trust: 0.1
db:	VULMON	id:	CVE-2022-23169	Trust: 0.1

sources: CNVD: CNVD-2022-68952 // VULHUB: VHN-412065 // VULMON: CVE-2022-23169 // JVNDB: JVNDB-2022-012085 // CNNVD: CNNVD-202206-1170 // NVD: CVE-2022-23169

REFERENCES

url:	https://www.gov.il/en/departments/faq/cve_advisories	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23169	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-23169/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/89.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: CNVD: CNVD-2022-68952 // VULHUB: VHN-412065 // VULMON: CVE-2022-23169 // JVNDB: JVNDB-2022-012085 // CNNVD: CNNVD-202206-1170 // NVD: CVE-2022-23169

SOURCES

db:	CNVD	id:	CNVD-2022-68952
db:	VULHUB	id:	VHN-412065
db:	VULMON	id:	CVE-2022-23169
db:	JVNDB	id:	JVNDB-2022-012085
db:	CNNVD	id:	CNNVD-202206-1170
db:	NVD	id:	CVE-2022-23169

LAST UPDATE DATE

2024-11-23T22:40:26.950000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-68952	date:	2022-10-14T00:00:00
db:	VULHUB	id:	VHN-412065	date:	2022-06-27T00:00:00
db:	VULMON	id:	CVE-2022-23169	date:	2022-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-012085	date:	2023-08-25T08:14:00
db:	CNNVD	id:	CNNVD-202206-1170	date:	2022-06-30T00:00:00
db:	NVD	id:	CVE-2022-23169	date:	2024-11-21T06:48:07.353

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-68952	date:	2022-10-14T00:00:00
db:	VULHUB	id:	VHN-412065	date:	2022-06-13T00:00:00
db:	VULMON	id:	CVE-2022-23169	date:	2022-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-012085	date:	2023-08-25T00:00:00
db:	CNNVD	id:	CNNVD-202206-1170	date:	2022-06-13T00:00:00
db:	NVD	id:	CVE-2022-23169	date:	2022-06-13T17:15:09.763