Vulnerabilities > CVE-2022-44014 - Unspecified vulnerability in Simmeth Lieferantenmanager

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

simmeth

NVD

Published: 2022-12-25

Updated: 2022-12-30

Summary

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab.

Vulnerable Configurations

Part	Description	Count
Application	Simmeth Simmeth Lieferantenmanager *	1

References

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/