VDB
CVE-2022-23854
CVE-2022-23854
PUBLISHED
CVSS 6.900000095367432 MEDIUM
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
EPSS 92.18% · 99.7th percentile
Risk Scores
CVSS 3.1
6.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
EPSS Score
92.18%
99.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| jquery | jQuery | >= 1.12.0, < 3.5.0 |
| N/A | N/A | |
| aveva | intouch_access_anywhere | 2020, 0, 2020 |
Exploit Intelligence
- Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
- Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
- Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
- Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
- A poc for Bootstrap XSS(CVE-2024-6485、CVE-2016-10735、CVE-2019-8331、CVE-2018-14040) (github-poc)
- A poc for Bootstrap XSS(CVE-2024-6485、CVE-2016-10735、CVE-2019-8331、CVE-2018-14040) (github-poc)
- A poc for Bootstrap XSS(CVE-2024-6485、CVE-2016-10735、CVE-2019-8331、CVE-2018-14040) (github-poc)
- A poc for Bootstrap XSS(CVE-2024-6485、CVE-2016-10735、CVE-2019-8331、CVE-2018-14040) (github-poc)
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
…and 194 more exploits
Timeline
- Apr 7, 2022 PoC Published
- Apr 22, 2022 PoC Published
- Sep 9, 2022 PoC Published
- Nov 11, 2022 PoC Published
- Dec 23, 2022 CVE Published
- Dec 24, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 8, 2023 EPSS Score
- Jun 5, 2023 EPSS Score
- Jun 24, 2023 EPSS Score
- Oct 7, 2023 EPSS Score
- Oct 21, 2023 PoC Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-03.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-02.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf advisory
- https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 url
- https://github.com/maximebf/php-debugbar/issues/447 url
- https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77 url
- https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W url
- https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html url
- https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html url
- https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html url
- https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html url
- https://security.gentoo.org/glsa/202007-03 url
- https://www.debian.org/security/2020/dsa-4693 url
- https://www.drupal.org/sa-core-2020-002 url
- https://www.oracle.com/security-alerts/cpuApr2021.html url
- https://www.oracle.com/security-alerts/cpuapr2022.html url
…and 61 more