Published: 2022/11/16  Last Updated: 2022/11/16

JVN#37014768
Multiple vulnerabilities in Movable Type

Overview

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities.

Products Affected

CVE-2022-45113, CVE-2022-45122

  • Movable Type 7 r.5301 and earlier (Movable Type 7 Series)
  • Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series)
  • Movable Type 6.8.7 and earlier (Movable Type 6 Series)
  • Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series)
  • Movable Type Premium 1.53 and earlier
  • Movable Type Premium Advanced 1.53 and earlier
CVE-2022-43660
  • Movable Type 7 r.5301 and earlier (Movable Type 7 Series)
  • Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series)
  • Movable Type Premium 1.53 and earlier
  • Movable Type Premium Advanced 1.53 and earlier

Description

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.

  • Improper Validation of Syntactic Correctness of Input (CWE-1286) - CVE-2022-45113
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Base Score: 4.7
    CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3
  • Cross-site Scripting (CWE-79) - CVE-2022-45122
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97) - CVE-2022-43660
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 7.2
    CVSS v2 AV:N/AC:H/Au:S/C:P/I:P/A:P Base Score: 4.6

Impact

  • A remote attacker who induces a user to access a specially crafted URL may be able to set an attacker-supplied URL on the Reset Password page and use it to conduct a phishing attack - CVE-2022-45113
  • An arbitrary script may be executed in the web browser of a user accessing a site that uses the product - CVE-2022-45122
  • A remote authenticated attacker holding the "Manage Content Types" privilege may execute an arbitrary Perl script and/or arbitrary OS commands - CVE-2022-43660
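CVE-2022-45113 is classed as CWE-1286 (Improper Validation of Syntactic Correctness of Input): a URL that reaches the Reset Password page is not checked for the form it is allowed to take. The following is an added example of the kind of syntactic check that weakness calls for; it is not Movable Type code and not the vendor's fix, and the site origin (`blog.example.net`), the function name and the sample inputs are assumptions made for illustration.

```python
"""Syntactic validation of a caller-supplied URL before it is placed on a page
such as a password-reset form.

Added example: not Movable Type code and not the vendor's fix. The site origin
below is an assumption; a real deployment would take it from configuration."""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

SITE_SCHEME = "https"
SITE_HOST = "blog.example.net"  # assumed origin of the site being protected


def validate_return_url(raw: object) -> Optional[str]:
    """Return a normalized absolute URL on the site's own origin, or None.

    Only two shapes are accepted: a path rooted at '/', or a plain https URL
    whose host is SITE_HOST with no userinfo and no explicit port. Everything
    else is rejected outright rather than 'cleaned up'. The fragment is
    dropped from the result."""
    if not isinstance(raw, str) or not raw or len(raw) > 2048:
        return None
    # Control characters, whitespace and backslashes are never part of a valid
    # URL here; browsers tolerate them ('java\tscript:', '/\\evil.example'),
    # which is exactly why a syntactic check must not.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in raw) or "\\" in raw:
        return None
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None

    if parts.scheme == "":
        # Relative reference: accept only '/path...'. A leading '//' (or
        # '///') is resolved by browsers as a scheme-relative URL to another
        # host, so this is checked on the raw string, not on the parsed path.
        if not raw.startswith("/") or raw.startswith("//"):
            return None
        return urlunsplit((SITE_SCHEME, SITE_HOST, parts.path, parts.query, ""))

    # Absolute URL: scheme, userinfo, port and host are all checked explicitly.
    # 'https://blog.example.net@evil.example/' parses with hostname evil.example,
    # so a substring match on the raw string would be fooled; the parsed
    # hostname is compared instead, and any userinfo is grounds for rejection.
    if parts.scheme.lower() != SITE_SCHEME:
        return None
    if parts.username is not None or parts.password is not None or port is not None:
        return None
    if parts.hostname is None or parts.hostname.lower() != SITE_HOST:
        return None
    return urlunsplit((SITE_SCHEME, SITE_HOST, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    # Constructed inputs: one benign relative path, the rest attacker-shaped.
    for sample in ("/mt/mt.cgi?__mode=recover", "//evil.example/reset",
                   "javascript:alert(1)", "https://blog.example.net@evil.example/"):
        print(repr(sample), "->", validate_return_url(sample))
```

The check is deliberately an allow-list on the parsed structure (scheme, host, userinfo, port, leading slashes) rather than a deny-list of known bad prefixes; the rejected inputs in the demo are the forms an open-redirect or phishing payload typically takes.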

Solution

Update the Software
Apply the appropriate update according to the information provided by the developer.
The developer has released the following updates that contain fixes for these vulnerabilities:

  • Movable Type 7 r.5401 (Movable Type 7 Series)
  • Movable Type Advanced 7 r.5401 (Movable Type Advanced 7 Series)
  • Movable Type 6.8.8 (Movable Type 6 Series)
  • Movable Type Advanced 6.8.8 (Movable Type Advanced 6 Series)
  • Movable Type Premium 1.54
  • Movable Type Premium Advanced 1.54
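The 7 series uses an "r.NNNN" revision number while the 6 and Premium series use dotted versions, and CVE-2022-43660 does not apply to the 6 series, so a naive string compare against the list above is easy to get wrong. The following added example (not Six Apart's tooling; the function names are assumptions) encodes the affected and fixed releases exactly as this advisory lists them and reports which of the three CVEs apply to a given installed version.

```python
"""Map a Movable Type product and version to the CVEs in JVN#37014768.

Added example, not vendor tooling. The version tables are taken from the
Products Affected and Solution sections of the advisory; nothing else is
assumed about Movable Type's version scheme."""
import re
from typing import List, Tuple

ALL_THREE = ["CVE-2022-45113", "CVE-2022-45122", "CVE-2022-43660"]
FIRST_TWO = ["CVE-2022-45113", "CVE-2022-45122"]

# First fixed release per product series (Solution section).
FIXED_RELEASE = {
    "Movable Type 7": "7 r.5401",
    "Movable Type Advanced 7": "7 r.5401",
    "Movable Type 6": "6.8.8",
    "Movable Type Advanced 6": "6.8.8",
    "Movable Type Premium": "1.54",
    "Movable Type Premium Advanced": "1.54",
}

# CVEs that apply to each series (Products Affected section): the 6 series
# is not listed for CVE-2022-43660.
SERIES_CVES = {
    "Movable Type 7": ALL_THREE,
    "Movable Type Advanced 7": ALL_THREE,
    "Movable Type 6": FIRST_TWO,
    "Movable Type Advanced 6": FIRST_TWO,
    "Movable Type Premium": ALL_THREE,
    "Movable Type Premium Advanced": ALL_THREE,
}

_REVISION = re.compile(r"^(\d+)\s+r\.(\d+)$")   # "7 r.5301"
_DOTTED = re.compile(r"^\d+(\.\d+)*$")          # "6.8.7", "1.53"


def parse_version(text: str) -> Tuple:
    """Turn a version string into a comparable tuple.

    The first element tags the format ('r' for revision, 'd' for dotted) so
    that the two schemes are never compared against each other."""
    text = text.strip()
    m = _REVISION.match(text)
    if m:
        return ("r", int(m.group(1)), int(m.group(2)))
    if _DOTTED.match(text):
        return ("d",) + tuple(int(p) for p in text.split("."))
    raise ValueError(f"unrecognised Movable Type version: {text!r}")


def affected_cves(product: str, version: str) -> List[str]:
    """Return the CVEs from this advisory that apply to the installed version,
    or an empty list once it is at or above the fixed release."""
    if product not in FIXED_RELEASE:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    installed = parse_version(version)
    fixed = parse_version(FIXED_RELEASE[product])
    # Refuse to compare across formats or across major versions: "6.8.7" is
    # not an answer for the 7 series, and "5.x" is not in the 6 series.
    if installed[0] != fixed[0] or installed[1] != fixed[1]:
        raise ValueError(
            f"{version!r} does not belong to the {product!r} series")
    # Tuple comparison: a shorter prefix ("6.8") sorts below "6.8.8".
    return list(SERIES_CVES[product]) if installed < fixed else []


if __name__ == "__main__":
    # Constructed inventory lines: product name and reported version.
    for prod, ver in (("Movable Type 7", "7 r.5301"), ("Movable Type 6", "6.8.8"),
                      ("Movable Type Premium", "1.53")):
        print(f"{prod} {ver}: {affected_cves(prod, ver) or 'not affected'}")
```

Feed it the product and version strings from your inventory; a non-empty result means the install predates the fixed release for its series and the listed CVEs apply.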

Vendor Status

Vendor          Status      Last Update  Vendor Notes
Six Apart Ltd.  Vulnerable  2022/11/16   Six Apart Ltd. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2022-45113, CVE-2022-45122
SHIGA TAKUMA of BroadBand Security, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2022-43660
Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2022-45113, CVE-2022-45122, CVE-2022-43660
JVN iPedia JVNDB-2022-000090