ID: CVE-2022-21225

Last Modified: Oct. 27, 2022

Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Twitter Activity

Tweets last week: 15

Remaining steady

Yahoo Activity

Yahoo results: 322000000

Remaining steady

EPSS History

Current EPSS Score: 0.0089

Remaining steady


Reddit Activity

Reddit Posts: 2

Remaining steady

Github Repos

Github Repos: 1

Remaining steady

Exploits

Found exploits:

Attack Vector: Adjacent

Attack Complexity: Low

Privileges Required: Low

User Interaction: None

Scope: Unchanged

Confidentiality: High

Integrity: High

Availability: High

Base Score: 8.0

Exploitability Score: 2.1

Impact Score: 5.9

CVSS V3: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Specialize CVSS-Score

NVD-CWE-Other

Condition Configuration
OR
OR
Alle Schwachstellen für intel
Date: Oct. 27, 2022

CWE-ID: CWE-863



Date: Dec. 9, 2022

Reference:
added:
http://seclists.org/fulldisclosure/2022/Dec/1



Date: Dec. 9, 2022

Reference:
added:
http://packetstormsecurity.com/files/170180/Intel-Data-Center-Manager-4.1-SQL-Injection.html



                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*"/>
    </set>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
</set>