Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-26488
HistoryMar 10, 2022 - 5:47 p.m.

CVE-2022-26488

2022-03-1017:47:45
CWE-426
[email protected]
web.nvd.nist.gov
1

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.

Affected configurations

NVD
Node
pythonpythonRange3.7.12
OR
pythonpythonRange3.8.03.8.12
OR
pythonpythonRange3.9.03.9.10
OR
pythonpythonRange3.10.03.10.2
OR
pythonpythonMatch3.11.0alpha1
OR
pythonpythonMatch3.11.0alpha2
OR
pythonpythonMatch3.11.0alpha3
OR
pythonpythonMatch3.11.0alpha4
OR
pythonpythonMatch3.11.0alpha5
OR
pythonpythonMatch3.11.0alpha6
AND
microsoftwindowsMatch-
Node
netappactive_iq_unified_managerMatch-windows
OR
netappontap_select_deploy_administration_utilityMatch-

Related

osv 2
ubuntucve 1
openvas 1
ibm 3
debiancve 1
prion 1
cvelist 1
cve 1
ics 1
osv
osv
CVE-2022-26488
2022-03-10 17:47:00
BIT-python-2022-26488
2024-03-06 11:05:29
ubuntucve
ubuntucve
CVE-2022-26488
2022-03-10 00:00:00
openvas
openvas
Python Privilege Escalation Vulnerability (bpo-46948) - Windows
2022-03-14 00:00:00
ibm
ibm
Security Bulletin: Python is vulnerable to CVE-2022-26488 used in IBM Maximo Application Suite
2023-04-20 19:53:39
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2022-10-18 14:58:51
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
2022-08-23 22:32:13
debiancve
debiancve
CVE-2022-26488
2022-03-10 17:47:45
prion
prion
Path traversal
2022-03-10 17:47:00
cvelist
cvelist
CVE-2022-26488
2022-03-07 17:26:04
cve
cve
CVE-2022-26488
2022-03-10 17:47:45
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for NVD:CVE-2022-26488
osv2ubuntucve1openvas1ibm3debiancve1prion1cvelist1cve1ics1