Vulnerability Change Records for CVE-2022-34768

Change History

CVE Modified by Israel National Cyber Directorate 9/01/2022 1:15:08 PM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | Israel National Cyber Directorate AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
| Removed | CVSS V3.1 | Israel National Cyber Directorate AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | |
| Removed | CVSS V3.1 Reason | A-No availability impacts identified | |
| Removed | CVSS V3.1 Reason | AV-Lack of information | |
| Removed | CVSS V3.1 Reason | C-No confidentiality impacts identified | |
| Removed | CVSS V3.1 Reason | I-No limiting factors | |
| Removed | CVSS V3.1 Reason | PR-No privileges needed | |
| Removed | CVSS V3.1 Reason | UI-User Interaction not identified | |
| Added | CWE | | Israel National Cyber Directorate CWE-79 |
| Removed | CWE | Israel National Cyber Directorate CWE-284 | |
| Removed | CWE Reason | CWE-284 / Not enough information | |
| Changed | Description | Supersmart.me - Walk Through Performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder (or using an Android application) to scan at the beginning of the purchase the QR CODE on the cart, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer's cart without verification. Because the number of purchases is serial. | insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. |
| Added | Reference | | https://www.gov.il/en/departments/faq/cve_advisories [No Types Assigned] |
| Removed | Reference | https://www.gov.il/en/Departments/faq/cve_advisories [Third Party Advisory] | |