{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-45876","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2022-12-21T17:02:52.817Z","datePublished":"2023-04-26T21:07:31.302Z","dateUpdated":"2025-01-17T17:10:14.204Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VBASE","vendor":"VISAM","versions":[{"lessThan":"11.7.5","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Kimiya, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."}],"datePublic":"2023-03-21T21:05:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.

"}],"value":"Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\n"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-611","description":"CWE-611","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2023-04-26T21:07:31.302Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05"},{"url":"https://www.visam.com/kontakt.php"},{"url":"https://www.vbase.net/en/download.php"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\nVISAM recommends users update to VBASE 11.7.5 or later. The update can \nbe performed via the VBASE Editor update dialog on machines with secure \naccess to the internet.  Users of machines without internet access must \nmanually update by submitting a request form  to receive a download link.

For more information, users should contact VISAM using the information provided on their contact page  (German language).

"}],"value":"VISAM recommends users update to VBASE 11.7.5 or later. The update can \nbe performed via the VBASE Editor update dialog on machines with secure \naccess to the internet.  Users of machines without internet access must \nmanually update by submitting a request form https://www.vbase.net/en/download.php   to receive a download link.For more information, users should contact VISAM using the information provided on their contact page https://www.visam.com/kontakt.php   (German language).\n\n"}],"source":{"discovery":"EXTERNAL"},"title":"CVE-2022-45876","x_generator":{"engine":"VINCE 2.0.7","env":"prod","origin":"https://cveawg.mitre.org/api/cve/CVE-2022-45468"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T14:24:03.202Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05","tags":["x_transferred"]},{"url":"https://www.visam.com/kontakt.php","tags":["x_transferred"]},{"url":"https://www.vbase.net/en/download.php","tags":["x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-01-17T17:01:26.608197Z","id":"CVE-2022-45876","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-17T17:10:14.204Z"}}]}}