{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-36243", "assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "assignerShortName": "ShopBeat", "dateUpdated": "2023-05-30T00:00:00", "dateReserved": "2022-07-18T00:00:00", "datePublished": "2023-05-30T00:00:00"}, "containers": {"cna": {"title": "Directory Traversal on Shop Beat Services", "datePublic": "2023-05-23T00:00:00", "providerMetadata": {"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "shortName": "ShopBeat", "dateUpdated": "2023-05-30T00:00:00"}, "descriptions": [{"lang": "en", "value": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm."}], "affected": [{"vendor": "Shop Beat", "product": "studio", "versions": [{"version": "studio", "status": "affected", "lessThan": "3.2.57", "versionType": "custom"}], "platforms": ["arm"]}], "references": [{"url": "https://www.shopbeat.co.za"}], "credits": [{"lang": "en", "value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-548 Information Exposure Through Directory Listing", "cweId": "CWE-548"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "INTERNAL"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*", "matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E", "versionEndExcluding": "3.2.57", "versionStartIncluding": "2.5.95", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm."}], "id": "CVE-2022-36243", "lastModified": "2023-06-02T19:44:29.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-30T20:15:09.587", "references": [{"source": "support@shopbeat.co.za", "tags": ["Product"], "url": "https://www.shopbeat.co.za"}], "sourceIdentifier": "support@shopbeat.co.za", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-548"}], "source": "support@shopbeat.co.za", "type": "Secondary"}]}

{}