{"api_version":"1","generated_at":"2026-04-22T22:50:33+00:00","cve":"CVE-2022-23858","urls":{"html":"https://cve.report/CVE-2022-23858","api":"https://cve.report/api/cve/CVE-2022-23858.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-23858","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-23858"},"summary":{"title":"CVE-2022-23858","description":"A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-01-24 03:15:00","updated_at":"2022-12-09 16:23:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.starwindsoftware.com/security/sw-20220121-0001/","name":"https://www.starwindsoftware.com/security/sw-20220121-0001/","refsource":"MISC","tags":[],"title":"SW-20220121-0001 Command Center Service vulnerability in StarWind products","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-23858","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23858","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"23858","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"starwindsoftware","cpe5":"command_center","cpe6":"2","cpe7":"build_6003","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-23858","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.starwindsoftware.com/security/sw-20220121-0001/","refsource":"MISC","name":"https://www.starwindsoftware.com/security/sw-20220121-0001/"}]}},"nvd":{"publishedDate":"2022-01-24 03:15:00","lastModifiedDate":"2022-12-09 16:23:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9},"severity":"HIGH","exploitabilityScore":8,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:starwindsoftware:command_center:2:build_6003:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"23858","Ordinal":"226751","Title":"CVE-2022-23858","CVE":"CVE-2022-23858","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"23858","Ordinal":"1","NoteData":"In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API.","Type":"Description","Title":null},{"CveYear":"2022","CveId":"23858","Ordinal":"2","NoteData":"2022-01-23","Type":"Other","Title":"Published"},{"CveYear":"2022","CveId":"23858","Ordinal":"3","NoteData":"2022-01-23","Type":"Other","Title":"Modified"}]}}}