Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-37197

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Nov, 2022 | 00:00
Updated At-29 Apr, 2025 | 19:11
Rejected At-
Credits

IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Nov, 2022 | 00:00
Updated At:29 Apr, 2025 | 19:11
Rejected At:
▼CVE Numbering Authority (CNA)

IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/51029
N/A
Hyperlink: https://www.exploit-db.com/exploits/51029
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/51029
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/51029
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-428CWE-428 Unquoted Search Path or Element
Type: CWE
CWE ID: CWE-428
Description: CWE-428 Unquoted Search Path or Element
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Nov, 2022 | 21:15
Updated At:29 Apr, 2025 | 20:15

IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
iobit
iobit
>>iotransfer>>4.0
cpe:2.3:a:iobit:iotransfer:4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-428Primarynvd@nist.gov
CWE-428Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-428
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-428
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.exploit-db.com/exploits/51029cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/51029af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/51029
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/51029
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2020-23864
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.17%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 13:28
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue exits in IOBit Malware Fighter version 8.0.2.547. Local escalation of privileges is possible by dropping a malicious DLL file into the WindowsApps folder.

Action-Not Available
Vendor-iobitn/a
Product-malware_fightern/a
CVE-2019-6008
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.73%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 15:16
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-exaplogexaquantumexasmocexarqeinsightsuiteaega10exaquantum\/batchexaopcMultiple Yokogawa products for Windows
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-40683
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.62%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 16:29
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.

Action-Not Available
Vendor-akamain/aMicrosoft Corporation
Product-windowsenterprise_application_accessn/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-26735
Matching Score-4
Assigner-Zscaler, Inc.
ShareView Details
Matching Score-4
Assigner-Zscaler, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-23 Oct, 2023 | 13:19
Updated-27 Feb, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Search Path While Executing REG DELETE by Uninstaller

The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.

Action-Not Available
Vendor-Zscaler, Inc.
Product-client_connectorClient Connector
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-19705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.23%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-aio510-23ish_firmwareyangtian_mc_h110_pci_firmwareyangtian_mf\/wf_h110_pcithinkserver_ts250_firmwarethinkpad_t25yangtian_ytm6900e-00thinkcentre_m9500zaio_910-27ishthinkpad_yoga_11e_3rd_gensydney_e3_h110yangtian_mc_h110_firmwarethinkpad_p51s_firmwarethinkserver_ts450_firmwarethinkpad_l470_firmwarethinkcentre_m6600ideacentre_510s-08ishthinkpad_a475thinkpad_l480ideacentre_310-15iapthinkpad_l560yangtian_me\/we_h110thinkpad_t470sthinkpad_t460sthinkstation_p320thinkcentre_m900z_firmwarethinkpad_p50_firmwarethinkcentre_m818zthinkpad_t460pyangtian_mc_h110thinkcentre_e95zthinkcentre_m715qideacentre_310s-08iap_firmwareaio520-24iku_firmwareideacentre_620s-03ikl_firmwareaio520-22ikuthinkserver_ts150thinkstation_p320_tinyqt_a7400legion_y520t_z370_firmwarethinkpad_x1_carbonthinkpad_x1_carbon_firmwareideacentre_310-15asrthinkpad_13thinkpad_l570thinkpad_l390_yoga_firmwarethinkserver_ts250thinkpad_x260_firmwareideacentre_310-15iap_firmwareaio_y910-27ishaio520-24ikl_firmwarethinkcentre_m8600t\/sthinkpad_t580thinkpad_yoga_11e_3rd_gen_firmwarethinkpad_t25_firmwarethinkpad_s3_3rd_genthinkpad_l450thinkpad_x280thinkpad_l380thinkcentre_m710ethinkcentre_m910qthinkpad_p71thinkcentre_m715t\/sthinkserver_ts140thinkcentre_m900zthinkpad_p52syta8900f_firmwarethinkstation_p330_firmwarethinkpad_t480sideacentre_520s-23ikulenovo_v320-15iapideacentre_520s-23iku_firmwarethinkpad_t460aio310-20iapthinkcentre_m6600_firmwarethinkcentre_m910_t\/sthinkstation_p330_tinythinkcentre_m810zthinkcentre_e95z_firmwarelegion_y520t_z370thinkpad_t480_firmwarethinkcentre_m810z_firmwarethinkserver_ts150_firmwarethinkpad_x280_firmwareideacentre_310s-08iapthinkpad_t450sthinkcentre_x1_aio_firmwarethinkpad_l460legion_y720_tower_firmwarelenovo_v320-15iap_firmwarethinkstation_p330thinkcentre_m8300z_firmwarethinkpad_x270thinkpad_x250_firmwarethinkserver_ts550thinkcentre_e74zthinkcentre_m800aio520-22iklaio720-24ikb_firmwarethinkcentre_m6600t\/s_firmwareideacentre_620s-03iklthinkcentre_m910xthinkpad_l460_firmwareaio300-23isu_firmwarethinkcentre_m700q_firmwarethinkpad_l570_firmwarethinkpad_l580_firmwarev510z_\(yt_s5250\)_firmwarethinkcentre_m715q_firmwarethinkpad_x1_yogav410z\(yt_s4250\)thinkcentre_m710t\/s_firmwarethinkcentre_m710qthinkserver_ts450thinkpad_t480thinkcentre_m710q_firmwareaio520-24ikuthinkserver_ts240thinkpad_p71_firmwarethinkcentre_m8350zyangtian_afh110thinkcentre_m900thinkpad_t460_firmwarethinkpad_t560_firmwareaio_y910-27ish_firmwarethinkpad_t580_firmwarethinkpad_s3_3rd_gen_firmwareideacentre_510s-08iklthinkcentre_m8350z_firmwareideacentre_300s-11ish_firmwarev510z_\(yt_s5250\)aio520-24iklthinkserver_ts140_firmwarethinkpad_t470s_firmwarethinkcentre_m710t\/sthinkcentre_m700qthinkcentre_m700z_firmwarethinkcentre_m9550zthinkpad_p51_firmwareideacentre_610s-02ishaio520-22iku_firmwareideacentre_510s-08ikl_firmwarethinkpad_t560aio_910-27ish_firmwareaio300-23isuthinkpad_p50sthinkstation_p318_firmwarethinkcentre_m8300zaio510-23ishyangtian_me\/we_h110_firmwarethinkpad_x250thinkpad_t470ideacentre_510-15abrthinkcentre_m910zideacentre_700_firmwareideacentre_720-18asr_firmwarethinkstation_p310aio510-22ishlegion_y920_towerthinkcentre_m715t\/s_firmwarethinkcentre_m900_firmwareaio310-20iap_firmwarev410z\(yt_s4250\)_firmwarethinkcentre_m7300zthinkcentre_m800zaio520-22ikl_firmwareideacentre_610s-02ish_firmwareyangtian_ytm6900e-00_firmwareideacentre_510-15abr_firmwarethinkcentre_m710e_firmwareyangtian_afh110_firmwarethinkcentre_m910z_firmwarethinkstation_p320_firmwarethinkpad_13_firmwarethinkpad_yoga_11e_4th_genthinkpad_a275thinkpad_x1_tabletaio720-24ikbthinkpad_p70_firmwarethinkpad_s2_yoga_3rd_gen_firmwarethinkcentre_e74z_firmwarethinkpad_p51ideacentre_510s-08ish_firmwarethinkcentre_m6600t\/sthinkpad_t460s_firmwarethinkpad_t470pthinkpad_l580yangtian_afq150_firmwarethinkstation_p310_firmwarethinkcentre_m800_firmwarethinkpad_p50s_firmwarethinkpad_l450_firmwarethinkpad_x1_yoga_firmwaresydney_e3_h110_firmwarethinkstation_p318v310z\(yt_s3150\)_firmwareideacentre_310-15asr_firmwarethinkcentre_m910x_firmwarethinkcentre_m8600t\/s_firmwareyangtian_afq150legion_y720_towerthinkpad_t570_firmwarethinkpad_l560_firmwarethinkpad_t460p_firmwareyangtian_mf\/wf_h110_pci_firmwarethinkcentre_m700zthinkstation_p320_tiny_firmwarethinkpad_l380_firmwarethinkpad_x260ideacentre_720-18asrthinkcentre_m6600q_firmwareaio520-27iklthinkpad_x1_tablet_firmwareaio520-27ikl_firmwarethinkcentre_m700t\/sthinkpad_l480_firmwarethinkcentre_m7300z_firmwarethinkcentre_x1_aiothinkpad_l380_yogalegion_y720t_amdthinkpad_p50ideacentre_510-15ikl_firmwareyta8900fideacentre_300s-11ishthinkcentre_m818z_firmwarethinkpad_p52s_firmwarethinkpad_t570thinkpad_p51syangtian_tc\/wc_h110_pci_firmwareideacentre_700thinkpad_s2_yoga_4th_genthinkpad_t450s_firmwarethinkpad_t450_firmwarev310z\(yt_s3150\)thinkcentre_m800z_firmwarethinkcentre_m910_t\/s_firmwarethinkpad_t450thinkpad_t480s_firmwarethinkpad_s2_yoga_3rd_genideacentre_310a-15iap_firmwarethinkpad_t470p_firmwarethinkpad_yoga_11e_4th_gen_firmwarethinkpad_l13_yogathinkpad_a275_firmwareideacentre_510-15iklthinkpad_s2_yoga_4th_gen_firmwareaio510-22ish_firmwarethinkcentre_m6600qlegion_y920_tower_firmwarethinkpad_a475_firmwareyangtian_mc_h110_pcithinkpad_p70thinkserver_ts550_firmwarethinkpad_l470yangtian_tc\/wc_h110_pcithinkcentre_m9500z_firmwarethinkpad_l390_yogathinkpad_l13_yoga_firmwarethinkcentre_m9550z_firmwarethinkcentre_m700t\/s_firmwarethinkcentre_e74s_firmwareyangtian_s4150_firmwarethinkcentre_e74sthinkserver_ts240_firmwarethinkcentre_m910q_firmwarethinkpad_t470_firmwarelegion_y720t_amd_firmwarethinkstation_p330_tiny_firmwarethinkpad_l380_yoga_firmwareqt_a7400_firmwareideacentre_310a-15iapyangtian_s4150thinkpad_x270_firmwaren/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-8326
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.13% / 32.99%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 16:10
Updated-17 Sep, 2024 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementDrivers Management
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-35292
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 15:41
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.

Action-Not Available
Vendor-SAP SE
Product-business_oneSAP Business One
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-26911
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.57%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 00:00
Updated-23 Oct, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-armoury_cratesetupasusservicesn/a
CWE ID-CWE-428
Unquoted Search Path or Element
Details not found