
CVE-2022-45165: CVE-2022-45165 - Excellium Services

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.


Abstract Advisory Information

A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. This makes the service prone to SQL injection.

Author: Dominique Righetto

Version affected

Name: Archibus Web Central

Versions: 2022.03.01.107

Common Vulnerability Scoring System

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Patch

none

References

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45165

Vulnerability Disclosure Timeline

  • 29/07/2022: Vulnerability discovery
  • 29/07/2022: Vulnerability Report to CERT-XLM
  • 29/07/2022: Vulnerability Report to Vendor through Contact Form
  • 29/07/2022: Vulnerability Report to Vendor through Investigation and Contact form
  • 12/08/2022: Vulnerability Report to Vendor through Investigation
  • 19/08/2022: Vulnerability Report to Vendor through Investigation and Contact form
  • 22/08/2022: Vulnerability Report to Vendor through contact point
  • 24/08/2022: Update asked to contact point
  • 02/09/2022: Vulnerability Report to Vendor through contact point
  • 06/09/2022: Acknowledgement from vendor; update and explanation of the disclosure process sent to vendor
  • 10/11/2022: CVE ID requested from MITRE
  • 18/11/2022: CVE ID assigned: CVE-2022-45165
  • 30/11/2022: Vulnerability disclosure
