CVE-2022-22790 - OpenCVE

SYNEL - eharmony Directory Traversal. Directory Traversal - is an attack against a server or a Web application aimed at unauthorized access to the file system. on the "Name" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users upload

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Synel	Eharmony

Configuration 1 [-]

cpe:2.3:a:synel:eharmony:8.0.2.3:*:*:*:*:*:*:*

References

Link	Resource
https://www.gov.il/en/departments/faq/cve_advisories	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: INCD

Published: 2022-01-28T19:09:51

Updated: 2022-01-28T19:09:51

Reserved: 2022-01-07T00:00:00

Link: CVE-2022-22790

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-28T20:15:12.557

Modified: 2022-02-02T23:27:02.267

Link: CVE-2022-22790

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "credits": [{"lang": "en", "value": "Dudu Moyal & Gad Abuhatziera - Sophtix Security LTD"}], "descriptions": [{"lang": "en", "value": "SYNEL - eharmony Directory Traversal. Directory Traversal - is an attack against a server or a Web application aimed at unauthorized access to the file system. on the \"Name\" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users upload"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-28T19:09:51", "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "value": "A patch was released, Update to eharmony version 11"}], "source": {"advisory": "ILVN-2022-0011", "defect": ["ILVN-2022-0011"], "discovery": "INTERNAL"}, "title": "SYNEL - eharmony Directory Traversal", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "INCD", "ASSIGNER": "cna@cyber.gov.il", "ID": "CVE-2022-22790", "STATE": "PUBLIC", "TITLE": "SYNEL - eharmony Directory Traversal"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Dudu Moyal & Gad Abuhatziera - Sophtix Security LTD"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SYNEL - eharmony Directory Traversal. Directory Traversal - is an attack against a server or a Web application aimed at unauthorized access to the file system. on the \"Name\" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users upload"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.gov.il/en/departments/faq/cve_advisories", "refsource": "MISC", "url": "https://www.gov.il/en/departments/faq/cve_advisories"}]}, "solution": [{"lang": "en", "value": "A patch was released, Update to eharmony version 11"}], "source": {"advisory": "ILVN-2022-0011", "defect": ["ILVN-2022-0011"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "cveId": "CVE-2022-22790", "datePublished": "2022-01-28T19:09:51", "dateReserved": "2022-01-07T00:00:00", "dateUpdated": "2022-01-28T19:09:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synel:eharmony:8.0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA0512CA-19F5-4CEE-8323-A50E35277F31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SYNEL - eharmony Directory Traversal. Directory Traversal - is an attack against a server or a Web application aimed at unauthorized access to the file system. on the \"Name\" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users upload"}, {"lang": "es", "value": "SYNEL - eharmony presenta un Salto de Directorio. Un Salto de Directorio - es un ataque contra un servidor o una aplicaci\u00f3n web cuyo objetivo es el acceso no autorizado al sistema de archivos. en el par\u00e1metro \"Name\" el atacante puede volver al directorio root y abrir el archivo del host. La ruta expone los archivos confidenciales que los usuarios suben"}], "id": "CVE-2022-22790", "lastModified": "2022-02-02T23:27:02.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.2, "source": "cna@cyber.gov.il", "type": "Secondary"}]}, "published": "2022-01-28T20:15:12.557", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}