{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T16:54:49.050","vulnerabilities":[{"cve":{"id":"CVE-2022-37108","sourceIdentifier":"cve@mitre.org","published":"2022-09-07T14:15:09.157","lastModified":"2024-11-21T07:14:28.217","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the \"Manage Ingesters\" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner."},{"lang":"es","value":"Una vulnerabilidad de inyección en el asistente de configuración de syslog-ng en Securonix Snypr versión 6.4, permite que un usuario de la aplicación con el permiso \"Manage Ingesters\" ejecute código arbitrario en los ingesters remotos al añadir texto arbitrario a los archivos de texto que son ejecutados por el sistema, como los archivos crontab de los usuarios. El parche para esto estaba presente en la versión 6.4 Jun 2022 R3_[06170871] de SNYPR, pero puede haber sido introducido antes"}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:securonix:snypr:6.4:*:*:*:*:*:*:*","matchCriteriaId":"294463B2-F266-4C2C-8AC1-23CD10BB8CD9"}]}]}],"references":[{"url":"https://conway.scot/securonix-rce/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://conway.scot/securonix-rce/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}