CVE-2022-44013

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-44013
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/ Exploit Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:simmeth:lieferantenmanager:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2022-12-25 05:15

Updated : 2025-04-15 14:15

NVD link : CVE-2022-44013

Mitre link : CVE-2022-44013

CVE.ORG link : CVE-2022-44013

JSON object : View

Products Affected

simmeth

  • lieferantenmanager
CWE
CWE-306

Missing Authentication for Critical Function