CVE-2022-23320

7.5 HIGH

📋 TL;DR

XMPie uStore 12.3.7244.0 contains a vulnerability where administrators can execute raw SQL queries through report generation functionality. Since the application ships with default administrative credentials, attackers can authenticate and exfiltrate sensitive database information. This affects organizations using the vulnerable version of XMPie uStore.

💻 Affected Systems

Products:
  • XMPie uStore
Versions: 12.3.7244.0 (the version named in the advisory; earlier versions are likely affected too)
Operating Systems: Windows (primary deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation with administrative report generation feature and default credentials.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including sensitive customer data, credentials, and business information leading to data breach, regulatory fines, and reputational damage.

🟠 Likely Case

Unauthorized data extraction from database tables containing user information, configuration data, and potentially authentication credentials.

🟢 If Mitigated

Limited impact if default credentials are changed and proper access controls are implemented, though SQL injection risk remains.

🌐 Internet-Facing: HIGH - If exposed to internet with default credentials, trivial exploitation leads to data exfiltration.
🏢 Internal Only: MEDIUM - Requires internal network access but default credentials make exploitation straightforward.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication, but the default credentials are publicly known. The vector is SQL injection through the report generation interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor release notes for updates beyond 12.3.7244.0

Vendor Advisory: https://www.xmpie.com/ustore-release-notes/

Restart Required: Yes

Instructions:

1. Check XMPie uStore release notes for security updates.
2. Apply the latest vendor patch.
3. Restart application services.
4. Verify that default credentials have been changed.

🔧 Temporary Workarounds

Change Default Credentials

Applies to: all

Immediately change all default administrative passwords to strong, unique credentials.

How: Use the XMPie uStore administration interface to change administrator passwords.

Restrict Report Generation Access

Applies to: all

Limit administrative report generation capabilities to trusted users only.

How: Configure role-based access control in the uStore administration interface.

🧯 If You Can't Patch

  • Implement network segmentation to isolate XMPie uStore from sensitive systems
  • Deploy web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check if using XMPie uStore version 12.3.7244.0 or earlier with default administrative credentials.

Check Version:

Check XMPie uStore administration interface or installation directory for version information

Verify Fix Applied:

Verify updated to patched version and default credentials are changed. Test report generation functionality with SQL queries.

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative login patterns
  • Large database query execution in logs
  • Multiple report generation requests

Network Indicators:

  • Unusual outbound database connections
  • Large data transfers from uStore server

SIEM Query:

source="ustore*" AND (event="admin_login" OR event="report_generation") | stats count by src_ip
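The log indicators above can be turned into concrete rules. The following Python script is an added example (not part of this advisory and not XMPie code) that scans constructed uStore-style log lines for the three patterns listed: administrative logins from outside a trusted-IP allowlist, report generation returning unusually large result sets, and bursts of report generation requests from one source IP. The log line format, the field names, the allowlist and the thresholds are all assumptions for illustration; real uStore logs will differ and the parser must be adapted.

```python
"""Detection example for the log indicators listed above.

Added example, not part of the original advisory and not XMPie code.
The log line format below is CONSTRUCTED for illustration; real uStore
logs will differ, so parse_line() and LINE_RE must be adapted.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: timestamp, event, user, source IP, optional row count.
SAMPLE_LOG = """\
2024-01-15T09:00:01Z event=admin_login user=admin src_ip=10.0.0.5
2024-01-15T09:00:30Z event=report_generation user=admin src_ip=10.0.0.5 rows=120
2024-01-15T23:14:02Z event=admin_login user=admin src_ip=203.0.113.7
2024-01-15T23:14:10Z event=report_generation user=admin src_ip=203.0.113.7 rows=50000
2024-01-15T23:14:12Z event=report_generation user=admin src_ip=203.0.113.7 rows=48000
2024-01-15T23:14:15Z event=report_generation user=admin src_ip=203.0.113.7 rows=51000
2024-01-15T23:14:18Z event=report_generation user=admin src_ip=203.0.113.7 rows=47000
2024-01-15T23:14:20Z event=report_generation user=admin src_ip=203.0.113.7 rows=52000
2024-01-15T23:14:23Z event=report_generation user=admin src_ip=203.0.113.7 rows=49000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=(?P<event>\S+) user=(?P<user>\S+) src_ip=(?P<src_ip>\S+)"
    r"(?: rows=(?P<rows>\d+))?$"
)

# Tunable thresholds (assumptions; set them from the environment's own baseline).
REPORT_BURST_COUNT = 5                       # this many reports from one IP ...
REPORT_BURST_WINDOW = timedelta(minutes=5)   # ... within this window is a burst
LARGE_RESULT_ROWS = 10000                    # result set size considered "large"
TRUSTED_ADMIN_IPS = {"10.0.0.5"}             # constructed allowlist of admin workstations


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["rows"] = int(rec["rows"]) if rec["rows"] else 0
    return rec


def analyze(log_text):
    """Return a list of (rule, src_ip, detail) alerts for the three log indicators."""
    events = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    alerts = []
    reports_by_ip = defaultdict(list)
    for ev in events:
        # Indicator 1: administrative login from a source not on the allowlist.
        if ev["event"] == "admin_login" and ev["src_ip"] not in TRUSTED_ADMIN_IPS:
            alerts.append(("admin_login_untrusted_ip", ev["src_ip"], ev["ts"].isoformat()))
        if ev["event"] == "report_generation":
            reports_by_ip[ev["src_ip"]].append(ev)
            # Indicator 2: a single report pulling an unusually large result set.
            if ev["rows"] >= LARGE_RESULT_ROWS:
                alerts.append(("large_report_result", ev["src_ip"], f"rows={ev['rows']}"))
    # Indicator 3: sliding window over each IP's report requests, sorted by time.
    for ip, evs in reports_by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > REPORT_BURST_WINDOW:
                start += 1
            if end - start + 1 >= REPORT_BURST_COUNT:
                alerts.append(("report_generation_burst", ip,
                               f"{end - start + 1} reports within {REPORT_BURST_WINDOW}"))
                break  # one burst alert per IP is enough
    return alerts


if __name__ == "__main__":
    for rule, ip, detail in analyze(SAMPLE_LOG):
        print(f"{rule:28} {ip:16} {detail}")
```

The burst and row-count thresholds are deliberately conservative placeholders; in practice, baseline them against a week of normal report activity so that scheduled reports from known administrator workstations do not page anyone, while a new source IP running many large reports in a short window does.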
