ID

VAR-202302-1779


CVE

CVE-2022-48341


TITLE

Vulnerability in ThingsBoard, Inc.'s ThingsBoard

Trust: 0.8

sources: JVNDB: JVNDB-2023-004496

DESCRIPTION

ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter. ThingsBoard from ThingsBoard, Inc. contains an unspecified vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Thingsboard is a Java-based platform from the Thingsboard team for IoT device monitoring, management, and data collection. There is a security vulnerability in Thingsboard version 3.4.1.

Trust: 2.25

sources: NVD: CVE-2022-48341 // JVNDB: JVNDB-2023-004496 // CNNVD: CNNVD-202302-1905 // VULMON: CVE-2022-48341

AFFECTED PRODUCTS

vendor: thingsboard, model: thingsboard, scope: eq, version: 3.4.1

Trust: 1.8

vendor: thingsboard, model: thingsboard, scope: eq, version: -

Trust: 0.8

vendor: thingsboard, model: thingsboard, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-004496 // NVD: CVE-2022-48341

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-48341
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202302-1905
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-48341
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004496 // NVD: CVE-2022-48341 // CNNVD: CNNVD-202302-1905

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004496 // NVD: CVE-2022-48341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1905

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1905

CONFIGURATIONS

sources: NVD: CVE-2022-48341

PATCH

title: Thingsboard Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=227617

Trust: 0.6

sources: CNNVD: CNNVD-202302-1905

EXTERNAL IDS

db: NVD, id: CVE-2022-48341

Trust: 3.3

db: JVNDB, id: JVNDB-2023-004496

Trust: 0.8

db: CNNVD, id: CNNVD-202302-1905

Trust: 0.6

db: VULMON, id: CVE-2022-48341

Trust: 0.1

sources: VULMON: CVE-2022-48341 // JVNDB: JVNDB-2023-004496 // NVD: CVE-2022-48341 // CNNVD: CNNVD-202302-1905

REFERENCES

url: https://thingsboard.io/docs/reference/releases/

Trust: 2.5

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/238543

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2022-48341

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-48341/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-48341 // JVNDB: JVNDB-2023-004496 // NVD: CVE-2022-48341 // CNNVD: CNNVD-202302-1905

SOURCES

db: VULMON, id: CVE-2022-48341
db: JVNDB, id: JVNDB-2023-004496
db: NVD, id: CVE-2022-48341
db: CNNVD, id: CNNVD-202302-1905

LAST UPDATE DATE

2023-12-18T13:11:34.990000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-48341, date: 2023-02-23T00:00:00
db: JVNDB, id: JVNDB-2023-004496, date: 2023-10-31T01:20:00
db: NVD, id: CVE-2022-48341, date: 2023-03-03T02:33:34.453
db: CNNVD, id: CNNVD-202302-1905, date: 2023-03-06T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-48341, date: 2023-02-23T00:00:00
db: JVNDB, id: JVNDB-2023-004496, date: 2023-10-31T00:00:00
db: NVD, id: CVE-2022-48341, date: 2023-02-23T06:15:10.267
db: CNNVD, id: CNNVD-202302-1905, date: 2023-02-23T00:00:00