Lucene search

MitreCVE-2022-41471

HistoryOct 17, 2022 - 2:15 p.m.

CVE-2022-41471

2022-10-1714:15:13

mitre

web.nvd.nist.gov

74cmsse

v3.12.0

cve-2022-41471

security vulnerability

super administrator

credentials

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

19.8%

JSON

74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.

Affected configurations

Nvd

Node

74cms74cmsseMatch3.12.0

VendorProductVersionCPE
74cms74cmsse3.12.0cpe:2.3:a:74cms:74cmsse:3.12.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
74cms	74cmsse	3.12.0	cpe:2.3:a:74cms:74cmsse:3.12.0:::::::*

References

github.com/xxhzz1/74cmsSE-Improper-permission-configuration-vulnerability/issues/1

Social References

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

19.8%

JSON

Related for CVE-2022-41471