CVE-2022-26111
Published: 25 April 2022
Summary
CVE-2022-26111 is a high-severity Expression Language Injection (CWE-917) vulnerability in Canon Irisnext. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 8.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-26111 affects the BeanShell components of IRISNext through version 9.8.28. The vulnerability permits execution of arbitrary commands on the target server when an authenticated user creates a custom search or edits an existing or predefined document search. The search interface accepts BeanShell expressions that are evaluated without sufficient restrictions, resulting in remote code execution in the context of the IRISNext application user on the web server. The issue carries a CVSS 3.1 score of 8.8 and is associated with CWE-917.
An attacker with low-privileged access to the application can exploit the flaw over the network without user interaction. By supplying malicious BeanShell expressions inside search definitions, the attacker can run operating-system commands, potentially compromising the confidentiality, integrity, and availability of the server and any data accessible to the application account.
Public references consist of a technical advisory PDF hosted on GitHub and the vendor site at varsnext.iriscorporate.com; no specific patch or mitigation details are provided in the available information. The associated EPSS score has remained flat at 0.0737 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-30679
Vulnerability details
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.
- CWE(s): CWE-917 (Improper Neutralization of Special Elements used in an Expression Language Statement)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.