CVE-2022-45876

Description

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.

Solution:

VISAM recommends users update to VBASE 11.7.5 or later. The update can be performed via the VBASE Editor update dialog on machines with secure access to the internet. Users of machines without internet access must manually update by submitting a request form https://www.vbase.net/en/download.php to receive a download link.For more information, users should contact VISAM using the information provided on their contact page https://www.visam.com/kontakt.php (German language).

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05	third party advisory us government resource
https://www.visam.com/kontakt.php	product
https://www.vbase.net/en/download.php	product

What is the severity of CVE-2022-45876?: CVE-2022-45876 has been scored as a medium severity vulnerability.
How to fix CVE-2022-45876?: To fix CVE-2022-45876: VISAM recommends users update to VBASE 11.7.5 or later. The update can be performed via the VBASE Editor update dialog on machines with secure access to the internet. Users of machines without internet access must manually update by submitting a request form https://www.vbase.net/en/download.php to receive a download link.For more information, users should contact VISAM using the information provided on their contact page https://www.visam.com/kontakt.php (German language).
Is CVE-2022-45876 being actively exploited in the wild?: It is possible that CVE-2022-45876 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~5% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-45876?: CVE-2022-45876 affects VISAM VBASE.