Vulnerability-Lookup

CVE-2022-42443 (GCVE-0-2022-42443)

Vulnerability from cvelistv5 – Published: 2024-02-17 16:10 – Updated: 2024-08-03 13:10

Title

Trusteer for mobile file upload

Summary

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535.

Severity ?

2.2 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/6967785	vendor-advisory
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entry

Impacted products

Vendor

Product

Version

Affected: 5.7

Affected: 5.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-42443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T20:19:22.049958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T20:19:29.455Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:10:40.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6967785"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238535"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Trusteer iOS SDK",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Trusteer Android SDK",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535."
            }
          ],
          "value": "An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-17T16:10:43.683Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/6967785"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238535"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Trusteer for mobile file upload",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-42443",
    "datePublished": "2024-02-17T16:10:43.683Z",
    "dateReserved": "2022-10-06T15:51:26.501Z",
    "dateUpdated": "2024-08-03T13:10:40.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-42443",
      "date": "2026-05-04",
      "epss": "0.00062",
      "percentile": "0.19058"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-42443\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-02-17T17:15:07.973\",\"lastModified\":\"2025-01-22T17:11:53.350\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535.\"},{\"lang\":\"es\",\"value\":\"Un problema no revelado en Trusteer iOS SDK para versiones m\u00f3viles anteriores a 5.7 y Trusteer Android SDK para versiones m\u00f3viles anteriores a 5.7 puede permitir la carga de archivos. ID de IBM X-Force: 238535.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":2.2,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:trusteer_android_sdk_for_mobile:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.7\",\"matchCriteriaId\":\"7A4DE486-C3A9-4A07-BACC-EC57828C7392\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:trusteer_ios_sdk_for_mobile:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.7\",\"matchCriteriaId\":\"BF814EDD-7EB5-40B3-8928-36D699F96F50\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/238535\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6967785\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/238535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6967785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/6967785\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/238535\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:10:40.868Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-42443\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-27T20:19:22.049958Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-27T20:19:26.176Z\"}}], \"cna\": {\"title\": \"Trusteer for mobile file upload\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"IBM\", \"product\": \"Trusteer iOS SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.7\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"IBM\", \"product\": \"Trusteer Android SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.7\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/6967785\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/238535\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-02-17T16:10:43.683Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-42443\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-03T13:10:40.868Z\", \"dateReserved\": \"2022-10-06T15:51:26.501Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2024-02-17T16:10:43.683Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-RXJ9-QX32-5MW6

Vulnerability from github – Published: 2024-02-17 18:30 – Updated: 2024-02-17 18:30

Details

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535.

Severity ?

2.2 (Low)


                  
                    CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-42443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-17T17:15:07Z",
    "severity": "LOW"
  },
  "details": "An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535.",
  "id": "GHSA-rxj9-qx32-5mw6",
  "modified": "2024-02-17T18:30:31Z",
  "published": "2024-02-17T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42443"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238535"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6967785"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-42443

Vulnerability from fkie_nvd - Published: 2024-02-17 17:15 - Updated: 2025-01-22 17:11

Severity ?

2.2 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/238535	Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6967785	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/238535	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6967785	Vendor Advisory

Impacted products

	Vendor	Product	Version
	ibm	trusteer_android_sdk_for_mobile	*
	ibm	trusteer_ios_sdk_for_mobile	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:trusteer_android_sdk_for_mobile:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4DE486-C3A9-4A07-BACC-EC57828C7392",
              "versionEndExcluding": "5.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trusteer_ios_sdk_for_mobile:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF814EDD-7EB5-40B3-8928-36D699F96F50",
              "versionEndExcluding": "5.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535."
    },
    {
      "lang": "es",
      "value": "Un problema no revelado en Trusteer iOS SDK para versiones m\u00f3viles anteriores a 5.7 y Trusteer Android SDK para versiones m\u00f3viles anteriores a 5.7 puede permitir la carga de archivos. ID de IBM X-Force: 238535."
    }
  ],
  "id": "CVE-2022-42443",
  "lastModified": "2025-01-22T17:11:53.350",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.2,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-17T17:15:07.973",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238535"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6967785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6967785"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-42443

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535.

Aliases

CVE-2022-42443

Aliases

CVE-2022-42443

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-42443",
    "id": "GSD-2022-42443"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-42443"
      ],
      "details": "An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535.",
      "id": "GSD-2022-42443",
      "modified": "2023-12-13T01:19:10.865722Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2022-42443",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trusteer iOS SDK",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "5.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Trusteer Android SDK",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "5.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-434",
                "lang": "eng",
                "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/6967785",
            "refsource": "MISC",
            "url": "https://www.ibm.com/support/pages/node/6967785"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238535",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238535"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files.  IBM X-Force ID:  238535."
          },
          {
            "lang": "es",
            "value": "Un problema no revelado en Trusteer iOS SDK para versiones m\u00f3viles anteriores a 5.7 y Trusteer Android SDK para versiones m\u00f3viles anteriores a 5.7 puede permitir la carga de archivos. ID de IBM X-Force: 238535."
          }
        ],
        "id": "CVE-2022-42443",
        "lastModified": "2024-02-20T19:50:53.960",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 0.7,
              "impactScore": 1.4,
              "source": "psirt@us.ibm.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-02-17T17:15:07.973",
        "references": [
          {
            "source": "psirt@us.ibm.com",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238535"
          },
          {
            "source": "psirt@us.ibm.com",
            "url": "https://www.ibm.com/support/pages/node/6967785"
          }
        ],
        "sourceIdentifier": "psirt@us.ibm.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-434"
              }
            ],
            "source": "psirt@us.ibm.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CNVD-2024-11742

Vulnerability from cnvd - Published: 2024-03-07

Title

IBM Trusteer代码问题漏洞

Description

IBM Trusteer是美国国际商业机器（IBM）公司的一个安全解决方案套件，专注于提供用于防范网络犯罪和保护终端用户的安全工具。 IBM Trusteer存在代码问题漏洞，该漏洞源于存在某些未公开的问题，可能允许上传文件。目前没有详细的漏洞细节提供。

Severity

低

Patch Name

IBM Trusteer代码问题漏洞的补丁

Patch Description

IBM Trusteer是美国国际商业机器（IBM）公司的一个安全解决方案套件，专注于提供用于防范网络犯罪和保护终端用户的安全工具。 IBM Trusteer存在代码问题漏洞，该漏洞源于存在某些未公开的问题，可能允许上传文件。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/6967785

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/238535

Impacted products

Name
IBM Trusteer iOS SDK for mobile <5.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-42443"
    }
  },
  "description": "IBM Trusteer\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u5957\u4ef6\uff0c\u4e13\u6ce8\u4e8e\u63d0\u4f9b\u7528\u4e8e\u9632\u8303\u7f51\u7edc\u72af\u7f6a\u548c\u4fdd\u62a4\u7ec8\u7aef\u7528\u6237\u7684\u5b89\u5168\u5de5\u5177\u3002\n\nIBM Trusteer\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u67d0\u4e9b\u672a\u516c\u5f00\u7684\u95ee\u9898\uff0c\u53ef\u80fd\u5141\u8bb8\u4e0a\u4f20\u6587\u4ef6\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/6967785",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-11742",
  "openTime": "2024-03-07",
  "patchDescription": "IBM Trusteer\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u5957\u4ef6\uff0c\u4e13\u6ce8\u4e8e\u63d0\u4f9b\u7528\u4e8e\u9632\u8303\u7f51\u7edc\u72af\u7f6a\u548c\u4fdd\u62a4\u7ec8\u7aef\u7528\u6237\u7684\u5b89\u5168\u5de5\u5177\u3002\r\n\r\nIBM Trusteer\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u67d0\u4e9b\u672a\u516c\u5f00\u7684\u95ee\u9898\uff0c\u53ef\u80fd\u5141\u8bb8\u4e0a\u4f20\u6587\u4ef6\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Trusteer\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM Trusteer iOS SDK for mobile \u003c5.7"
  },
  "referenceLink": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238535",
  "serverity": "\u4f4e",
  "submitTime": "2024-02-22",
  "title": "IBM Trusteer\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-42443 (GCVE-0-2022-42443)

GHSA-RXJ9-QX32-5MW6

FKIE_CVE-2022-42443

GSD-2022-42443

CNVD-2024-11742

Tags

Sightings

Nomenclature