{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T08:57:39.678","vulnerabilities":[{"cve":{"id":"CVE-2022-24831","sourceIdentifier":"security-advisories@github.com","published":"2022-05-14T01:15:06.847","lastModified":"2024-11-21T06:51:11.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1, and 3.13.1 and users are advised to upgrade."},{"lang":"es","value":"OpenClinica es un software de código abierto para la captura electrónica de datos (EDC) y la administración de datos clínicos (CDM). Las versiones anteriores a 3.16.1, son vulnerables a una inyección SQL debido al uso de la concatenación de cadenas para crear consultas SQL en lugar de sentencias preparadas. No se presentan medidas de mitigación conocidas. Este problema ha sido parcheado en versiones 3.16.1, 3.15.9, 3.14.1 y 3.13.1 y es recomendado a usuarios actualizar"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclinica:openclinica:*:*:*:*:*:*:*:*","versionEndExcluding":"3.13.1","matchCriteriaId":"87276F61-A83D-46B4-9733-75F8FA71D3BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclinica:openclinica:*:*:*:*:*:*:*:*","versionStartExcluding":"3.15","versionEndExcluding":"3.15.9","matchCriteriaId":"C6CDC0C5-D124-449C-A54E-9F468D5FE00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclinica:openclinica:*:*:*:*:*:*:*:*","versionStartExcluding":"3.16","versionEndExcluding":"3.16.1","matchCriteriaId":"8FE462A1-C131-4F1D-93BD-4F5F9EC3986B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openclinica:openclinica:3.14:*:*:*:*:*:*:*","matchCriteriaId":"A433705E-18AD-4645-921D-0479715075E0"}]}]}],"references":[{"url":"https://github.com/OpenClinica/OpenClinica/pull/3490/commits/b152cc63019230c9973965a98e4386ea5322c18f","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/OpenClinica/OpenClinica/security/advisories/GHSA-5289-4jwp-xp9h","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/OpenClinica/OpenClinica/pull/3490/commits/b152cc63019230c9973965a98e4386ea5322c18f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/OpenClinica/OpenClinica/security/advisories/GHSA-5289-4jwp-xp9h","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}