{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-36249", "assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "assignerShortName": "ShopBeat", "dateUpdated": "2025-01-13T20:51:29.627Z", "dateReserved": "2022-07-18T00:00:00", "datePublished": "2023-05-30T00:00:00"}, "containers": {"cna": {"title": "Shop Beat Services Vulnerable To Bypass 2FA via APIs", "datePublic": "2023-05-29T00:00:00", "providerMetadata": {"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "shortName": "ShopBeat", "dateUpdated": "2023-05-30T00:00:00"}, "descriptions": [{"lang": "en", "value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. \"After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level."}], "affected": [{"vendor": "Shop Beat", "product": "studio", "versions": [{"version": "studio", "status": "affected", "lessThan": "3.2.57", "versionType": "custom"}], "platforms": ["arm"]}], "references": [{"url": "https://www.shopbeat.co.za"}], "credits": [{"lang": "en", "value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.181Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.shopbeat.co.za", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-13T20:51:16.299285Z", "id": "CVE-2022-36249", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T20:51:29.627Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.shopbeat.co.za", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.181Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-36249", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-13T20:51:16.299285Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T20:51:10.278Z"}}], "cna": {"title": "Shop Beat Services Vulnerable To Bypass 2FA via APIs", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "value": "Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery."}], "affected": [{"vendor": "Shop Beat", "product": "studio", "versions": [{"status": "affected", "version": "studio", "lessThan": "3.2.57", "versionType": "custom"}], "platforms": ["arm"]}], "datePublic": "2023-05-29T00:00:00", "references": [{"url": "https://www.shopbeat.co.za"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. \"After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "shortName": "ShopBeat", "dateUpdated": "2023-05-30T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2022-36249", "state": "PUBLISHED", "dateUpdated": "2025-01-13T20:51:29.627Z", "dateReserved": "2022-07-18T00:00:00", "assignerOrgId": "d3f162d7-5820-4c58-beef-03f43baaf8ad", "datePublished": "2023-05-30T00:00:00", "assignerShortName": "ShopBeat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*", "matchCriteriaId": "C54277DA-6740-4A03-AA80-3546DDD4D17E", "versionEndExcluding": "3.2.57", "versionStartIncluding": "2.5.95", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. \"After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level."}], "id": "CVE-2022-36249", "lastModified": "2025-01-13T21:15:09.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-30T20:15:09.823", "references": [{"source": "support@shopbeat.co.za", "tags": ["Product"], "url": "https://www.shopbeat.co.za"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.shopbeat.co.za"}], "sourceIdentifier": "support@shopbeat.co.za", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "support@shopbeat.co.za", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}