CVE-2022-36115 - OpenCVE

Vendors	Products
Ssctech	Blue Prism

Link	Resource
https://blueprism.com	Product
https://community.blueprism.com/discussion/security-vulnerability-notification-ssc-blue-prism-enterprise	Vendor Advisory
https://portal.blueprism.com/security-vulnerabilities-august-2022	Permissions Required Vendor Advisory

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-25T22:54:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blueprism.com"}, {"tags": ["x_refsource_MISC"], "url": "https://portal.blueprism.com/security-vulnerabilities-august-2022"}, {"tags": ["x_refsource_MISC"], "url": "https://community.blueprism.com/discussion/security-vulnerability-notification-ssc-blue-prism-enterprise"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blueprism.com", "refsource": "MISC", "url": "https://blueprism.com"}, {"name": "https://portal.blueprism.com/security-vulnerabilities-august-2022", "refsource": "MISC", "url": "https://portal.blueprism.com/security-vulnerabilities-august-2022"}, {"name": "https://community.blueprism.com/discussion/security-vulnerability-notification-ssc-blue-prism-enterprise", "refsource": "MISC", "url": "https://community.blueprism.com/discussion/security-vulnerability-notification-ssc-blue-prism-enterprise"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36115", "datePublished": "2022-08-25T22:54:40", "dateReserved": "2022-07-16T00:00:00", "dateUpdated": "2022-08-25T22:54:40", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ssctech:blue_prism:*:*:*:*:*:*:*:*", "matchCriteriaId": "1951FC8C-05E1-4483-B627-8D255F87F9C2", "versionEndExcluding": "7.1", "versionStartIncluding": "6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment."}, {"lang": "es", "value": "Se ha detectado un problema en Blue Prism Enterprise versiones 6.0 hasta 7.01. En un entorno configurado inapropiadamente que exponga el servidor de aplicaciones de Blue Prism, es posible que un usuario autenticado realice ingenier\u00eda inversa del software de Blue Prism y omita los controles de acceso para conseguir una funcionalidad no deseada. Un atacante puede abusar del m\u00e9todo CreateProcessAutosave() para inyectar su propia funcionalidad en un proceso de desarrollo. Si (tras una advertencia) un usuario decide recuperar el trabajo no guardado usando la \u00faltima versi\u00f3n guardada, el c\u00f3digo malicioso podr\u00eda entrar en el flujo de trabajo. Si las etapas de acci\u00f3n del proceso no son revisadas completamente antes de su publicaci\u00f3n, esto podr\u00eda resultar en que el c\u00f3digo malicioso sea ejecutado en un entorno de producci\u00f3n."}], "id": "CVE-2022-36115", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-25T23:15:08.257", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://blueprism.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.blueprism.com/discussion/security-vulnerability-notification-ssc-blue-prism-enterprise"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://portal.blueprism.com/security-vulnerabilities-august-2022"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

JSON object

JSON object

JSON object