CVE-2022-24036

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-24036
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://karmasis.com/urunlerimiz/infraskope-siem/ Product
https://www.usom.gov.tr/bildirim/tr-22-0691 Third Party Advisory
https://karmasis.com/urunlerimiz/infraskope-siem/ Product
https://www.usom.gov.tr/bildirim/tr-22-0691 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:karmasis:infraskope_siem\+:*:*:*:*:*:*:*:*
History

21 Nov 2024, 06:49

Type Values Removed Values Added
References () https://karmasis.com/urunlerimiz/infraskope-siem/ - Product () https://karmasis.com/urunlerimiz/infraskope-siem/ - Product
References () https://www.usom.gov.tr/bildirim/tr-22-0691 - Third Party Advisory () https://www.usom.gov.tr/bildirim/tr-22-0691 - Third Party Advisory

17 Sep 2024, 04:16

Type Values Removed Values Added
Summary (en) Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. (en) Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs.

28 Dec 2023, 19:24

Type Values Removed Values Added
CPE cpe:2.3:a:karmasis:infraskope_security_event_manager:*:*:*:*:*:*:*:* cpe:2.3:a:karmasis:infraskope_siem\+:*:*:*:*:*:*:*:*
First Time Karmasis infraskope Siem\+
References (MISC) https://karmasis.com/urunlerimiz/infraskope-siem/ - (MISC) https://karmasis.com/urunlerimiz/infraskope-siem/ - Product

16 Apr 2023, 11:15

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-284
References
  • (MISC) https://karmasis.com/urunlerimiz/infraskope-siem/ -
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : 8.6
Summary Karmasis informatics solutions Infraskope Security Event Manager product has an unauthenticated access which could allow an unauthenticated attacker to modificate logs. Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs.
Information

Published : 2022-11-16 12:15

Updated : 2024-11-21 06:49

NVD link : CVE-2022-24036

Mitre link : CVE-2022-24036

CVE.ORG link : CVE-2022-24036

JSON object : View

Products Affected

karmasis

  • infraskope_siem\+
CWE
CWE-284

Improper Access Control

NVD-CWE-Other