CVE-2022-39289 — Vulnetix

CVE-2022-39289 PUBLISHED CVSS 9.100000381469727 CRITICAL

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

EPSS 0.37% · 59.2th percentile

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.37%

59.2th percentile

Affected Products

Vendor	Product	Versions
zoneminder	zoneminder	0, 1.37.0
ZoneMinder	zoneminder	,

Timeline

Oct 7, 2022 CVE Published
Oct 8, 2022 EPSS Score
Nov 21, 2022 EPSS Score
Jan 4, 2023 EPSS Score
Feb 17, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 16, 2023 EPSS Score
Jun 29, 2023 EPSS Score
Aug 12, 2023 EPSS Score
Sep 26, 2023 EPSS Score
Nov 9, 2023 EPSS Score

References

https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4 url
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488 url

Open in Interactive Console →