First published: Mon Feb 07 2022
XMPie uStore 12.3.7244.0 allows administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xerox Xmpie Ustore | =12.3.7244.0 | |
CVE-2022-23320 is a vulnerability in XMPie uStore 12.3.7244.0 that allows administrators to generate reports based on raw SQL queries.
The severity of CVE-2022-23320 is high, with a severity value of 7.5.
CVE-2022-23320 allows attackers with default administrative credentials to authenticate into XMPie uStore 12.3.7244.0 and exfiltrate sensitive information from the database.
To fix CVE-2022-23320, it is recommended to update XMPie uStore to a version that resolves the vulnerability.
More information about CVE-2022-23320 can be found at the following references: http://xmpie.com, https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29, https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/