{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T22:30:56.478","vulnerabilities":[{"cve":{"id":"CVE-2022-24830","sourceIdentifier":"security-advisories@github.com","published":"2022-05-14T00:15:07.940","lastModified":"2024-11-21T06:51:11.570","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade."},{"lang":"es","value":"OpenClinica es un software de código abierto para la captura electrónica de datos (EDC) y la gestión de datos clínicos (CDM). Las versiones de OpenClinica anteriores a la 3.16 son vulnerables a un salto de ruta (path traversal) en varios endpoints, lo que da lugar a la lectura/escritura arbitraria de archivos y a una posible ejecución remota de código. No se conocen soluciones alternativas. Este problema ha sido parcheado y se recomienda a los usuarios actualizar."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclinica:openclinica:*:*:*:*:*:*:*:*","versionEndExcluding":"3.13.1","matchCriteriaId":"87276F61-A83D-46B4-9733-75F8FA71D3BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclinica:openclinica:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"3.16.2","matchCriteriaId":"0364324D-DBFF-4CC5-9902-F62A46D41BB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclinica:openclinica:3.14:*:*:*:*:*:*:*","matchCriteriaId":"A433705E-18AD-4645-921D-0479715075E0"}]}]}],"references":[{"url":"https://github.com/OpenClinica/OpenClinica/commit/6f864e86543f903bd20d6f9fc7056115106441f3","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/OpenClinica/OpenClinica/security/advisories/GHSA-9rrv-prff-qph7","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/OpenClinica/OpenClinica/commit/6f864e86543f903bd20d6f9fc7056115106441f3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/OpenClinica/OpenClinica/security/advisories/GHSA-9rrv-prff-qph7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}