{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-43022","assignerOrgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","state":"PUBLISHED","assignerShortName":"hp","dateReserved":"2025-04-16T13:49:21.689Z","datePublished":"2025-07-22T23:05:24.070Z","dateUpdated":"2025-07-23T20:10:32.249Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"Poly Clariti Manager","vendor":"HP Inc.","versions":[{"status":"affected","version":"See HP Security Bulletin reference for affected versions."}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A potential SQL injection vulnerability has been identified in the Poly\nClariti Manager for versions prior to 10.12.1. The vulnerability could allow\na privileged user to execute SQL commands. HP has addressed the issue in\nthe latest software update.\n\n\n\n<br>"}],"value":"A potential SQL injection vulnerability has been identified in the Poly\nClariti Manager for versions prior to 10.12.1. The vulnerability could allow\na privileged user to execute SQL commands. HP has addressed the issue in\nthe latest software update."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"ADJACENT","baseScore":7.3,"baseSeverity":"HIGH","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","shortName":"hp","dateUpdated":"2025-07-22T23:05:24.070Z"},"references":[{"url":"https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037"}],"source":{"discovery":"UNKNOWN"},"title":"Poly Clariti Manager - Multiple Security Vulnerabilities","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-23T20:10:21.143873Z","id":"CVE-2025-43022","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-23T20:10:32.249Z"}}]}}