Sign-up

ID

VAR-202211-0749


CVE

CVE-2022-39069


TITLE

ZTE  of  zaip-aie  In  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-020567

DESCRIPTION

There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content

Trust: 1.71

sources: NVD: CVE-2022-39069 // JVNDB: JVNDB-2022-020567 // VULHUB: VHN-434842

AFFECTED PRODUCTS

vendor:ztemodel:zaip-aiescope:ltversion:8.22.02

Trust: 1.0

vendor:ztemodel:zaip-aiescope: - version: -

Trust: 0.8

vendor:ztemodel:zaip-aiescope:eqversion: -

Trust: 0.8

vendor:ztemodel:zaip-aiescope:eqversion:8.22.02

Trust: 0.8

sources: JVNDB: JVNDB-2022-020567 // NVD: CVE-2022-39069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-39069
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-39069
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-39069
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2336
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-39069
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2022-39069
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020567 // CNNVD: CNNVD-202211-2336 // NVD: CVE-2022-39069 // NVD: CVE-2022-39069

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

problemtype:SQL injection (CWE-89) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-434842 // JVNDB: JVNDB-2022-020567 // NVD: CVE-2022-39069

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2336

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202211-2336

PATCH

title:ZTE ZAIP-AIE SQL Repair measures for injecting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=213748

Trust: 0.6

sources: CNNVD: CNNVD-202211-2336

EXTERNAL IDS

db:NVDid:CVE-2022-39069

Trust: 3.3

db:ZTEid:1026604

Trust: 2.5

db:JVNDBid:JVNDB-2022-020567

Trust: 0.8

db:CNNVDid:CNNVD-202211-2336

Trust: 0.6

db:VULHUBid:VHN-434842

Trust: 0.1

sources: VULHUB: VHN-434842 // JVNDB: JVNDB-2022-020567 // CNNVD: CNNVD-202211-2336 // NVD: CVE-2022-39069

REFERENCES

url:https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1026604

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-39069

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-39069/

Trust: 0.6

sources: VULHUB: VHN-434842 // JVNDB: JVNDB-2022-020567 // CNNVD: CNNVD-202211-2336 // NVD: CVE-2022-39069

SOURCES

db:VULHUBid:VHN-434842
db:JVNDBid:JVNDB-2022-020567
db:CNNVDid:CNNVD-202211-2336
db:NVDid:CVE-2022-39069

LAST UPDATE DATE

2025-05-01T23:21:31.929000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-434842date:2022-11-09T00:00:00
db:JVNDBid:JVNDB-2022-020567date:2023-11-02T08:04:00
db:CNNVDid:CNNVD-202211-2336date:2022-11-10T00:00:00
db:NVDid:CVE-2022-39069date:2025-05-01T14:15:27.523

SOURCES RELEASE DATE

db:VULHUBid:VHN-434842date:2022-11-08T00:00:00
db:JVNDBid:JVNDB-2022-020567date:2023-11-02T00:00:00
db:CNNVDid:CNNVD-202211-2336date:2022-11-08T00:00:00
db:NVDid:CVE-2022-39069date:2022-11-08T18:15:11.343