Lucene search

RedhatCVELIST:CVE-2022-0730

HistoryMar 03, 2022 - 12:00 a.m.

CVE-2022-0730

2022-03-0300:00:00

CWE-287

redhat

www.cve.org

9.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.2%

JSON

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Cati",
    "versions": [
      {
        "version": "1.2.19",
        "status": "affected"
      }
    ]
  }
]

References

github.com/Cacti/cacti/issues/4562

lists.debian.org/debian-lts-announce/2022/03/msg00038.html

lists.debian.org/debian-lts-announce/2022/12/msg00039.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/

www.debian.org/security/2022/dsa-5298