{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-17T15:13:12.605","vulnerabilities":[{"cve":{"id":"CVE-2022-30290","sourceIdentifier":"cve@mitre.org","published":"2022-07-05T13:15:08.427","lastModified":"2024-11-21T07:02:30.720","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately."},{"lang":"es","value":"En OpenCTI versiones hasta 5.2.4, se identificó una vulnerabilidad de control de acceso roto en el extremo del perfil. Un atacante puede abusar de la vulnerabilidad identificada para cambiar arbitrariamente su dirección de correo electrónico registrada, así como su clave API, aunque tal acción no sea posible por medio de la interfaz, legítimamente"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*","versionEndIncluding":"5.2.4","matchCriteriaId":"9ED50199-3906-416B-9470-C521C207369D"}]}]}],"references":[{"url":"https://github.com/OpenCTI-Platform/opencti/releases","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/OpenCTI-Platform/opencti/releases","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}