LiveActive security incident?Get immediate response
CVE Record

CVE-2022-23349: BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2022-23349 is a reported CSRF flaw in BigAnt Server v5.6.06. A successful attack would likely require tricking an authenticated user into performing unintended actions. The public record does not provide severity, affected configuration details, or a fixed version.

Executive priority

Treat this as a targeted product exposure issue. Prioritize if BigAnt Server supports internal communications or administrative workflows, especially where admin interfaces are reachable from user browsers.

Technical view

The CVE record describes Cross-Site Request Forgery in BigAnt Software BigAnt Server v5.6.06. The source bundle names a public GitHub proof-of-concept reference, but provides no CVSS score, CWE mapping, patch information, or vendor advisory details.

Likely exposure

Organizations running BigAnt Server v5.6.06 are the only clearly supported exposure from the provided sources. Broader version impact is not evidenced in the bundle.

Exploitation context

CISA KEV status is false in the supplied data. A public PoC reference is listed, but the bundle does not cite active exploitation or weaponized campaigns.

Researcher notes

The available record is sparse: no CVSS, no fixed version, no affected CPEs, and no detailed vulnerable endpoint information in the supplied bundle. Avoid assuming impact beyond BigAnt Server v5.6.06.

Mitigation direction

  • Inventory BigAnt Server deployments and identify any v5.6.06 instances.
  • Check BigAnt Software guidance for patched versions or official mitigations.
  • Restrict access to BigAnt administrative interfaces to trusted networks.
  • Review compensating browser and session protections for administrative users.

Validation and detection

  • Confirm product name and version on each BigAnt Server host.
  • Check whether exposed interfaces require authenticated administrative sessions.
  • Review access logs for suspicious authenticated configuration changes.
  • Track vendor and CVE records for updated remediation details.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-23349 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
3Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.