{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-36243", "assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "assignerShortName": "ShopBeat", "dateUpdated": "2025-01-13T20:56:36.011Z", "dateReserved": "2022-07-18T00:00:00", "datePublished": "2023-05-30T00:00:00"}, "containers": {"cna": {"title": "Directory Traversal on Shop Beat Services", "datePublic": "2023-05-23T00:00:00", "providerMetadata": {"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "shortName": "ShopBeat", "dateUpdated": "2023-05-30T00:00:00"}, "descriptions": [{"lang": "en", "value": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm."}], "affected": [{"vendor": "Shop Beat", "product": "studio", "versions": [{"version": "studio", "status": "affected", "lessThan": "3.2.57", "versionType": "custom"}], "platforms": ["arm"]}], "references": [{"url": "https://www.shopbeat.co.za"}], "credits": [{"lang": "en", "value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-548 Information Exposure Through Directory Listing", "cweId": "CWE-548"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.272Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.shopbeat.co.za", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-13T20:56:00.626503Z", "id": "CVE-2022-36243", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T20:56:36.011Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.shopbeat.co.za", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.272Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-36243", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-13T20:56:00.626503Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T20:56:12.016Z"}}], "cna": {"title": "Directory Traversal on Shop Beat Services", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."}], "affected": [{"vendor": "Shop Beat", "product": "studio", "versions": [{"status": "affected", "version": "studio", "lessThan": "3.2.57", "versionType": "custom"}], "platforms": ["arm"]}], "datePublic": "2023-05-23T00:00:00", "references": [{"url": "https://www.shopbeat.co.za"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-548", "description": "CWE-548 Information Exposure Through Directory Listing"}]}], "providerMetadata": {"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "shortName": "ShopBeat", "dateUpdated": "2023-05-30T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2022-36243", "state": "PUBLISHED", "dateUpdated": "2025-01-13T20:56:36.011Z", "dateReserved": "2022-07-18T00:00:00", "assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "datePublished": "2023-05-30T00:00:00", "assignerShortName": "ShopBeat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*", "matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E", "versionEndExcluding": "3.2.57", "versionStartIncluding": "2.5.95", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in \"studio\" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm."}], "id": "CVE-2022-36243", "lastModified": "2025-01-13T21:15:08.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-30T20:15:09.587", "references": [{"source": "support@shopbeat.co.za", "tags": ["Product"], "url": "https://www.shopbeat.co.za"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.shopbeat.co.za"}], "sourceIdentifier": "support@shopbeat.co.za", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-548"}], "source": "support@shopbeat.co.za", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}