A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The CWE definition for the vulnerability is CWE-74. The weakness was published 03/13/2022. This vulnerability is known as CVE-2022-1074. The attack can be launched remotely. There are no technical details available. Furthermore, there is an exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1055 for this issue. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
| Field | 03/13/2022 12:25 | 03/25/2022 08:42 |
|---|---|---|
| vendor | TEM | TEM |
| name | FLEX-1085 | FLEX-1085 |
| version | 1.6.0 | 1.6.0 |
| cwe | 74 (injection) | 74 (injection) |
| risk | 1 | 1 |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | N | N |
| cvss3 | R | R |
| cvss3 | U | U |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | N | N |
| cvss3 | P | P |
| cvss3 | R | R |
| availability | 1 | 1 |
| date | 1647126000 (03/13/2022) | 1647126000 (03/13/2022) |
| cvss2 | N | N |
| cvss2 | L | L |
| cvss2 | N | N |
| cvss2 | N | N |
| cvss2 | P | P |
| cvss2 | N | N |
| cvss2 | POC | POC |
| cvss2 | UR | UR |
| cvss2 | ND | ND |
| cvss3 | X | X |
| cvss2 | 5.0 | 5.0 |
| cvss2 | 4.3 | 4.3 |
| cvss3 | 4.3 | 4.3 |
| cvss3 | 3.9 | 3.9 |
| cvss3 | 4.3 | 4.3 |
| cvss3 | 3.9 | 3.9 |
| price | $0-$5k | $0-$5k |
| cve | CVE-2022-1074 | |
| cve | VulDB | |
| responsible | VulDB |