Lucene search

[email protected]NVD:CVE-2022-26656

HistoryJul 17, 2022 - 9:15 p.m.

CVE-2022-26656

2022-07-1721:15:08

[email protected]

web.nvd.nist.gov

pexip infinity

remote attackers

software abort

enumerate usernames

one touch join

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS

0.002

Percentile

55.2%

JSON

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.

Affected configurations

Nvd

Node

pexippexip_infinityRange<27.3

VendorProductVersionCPE
pexippexip_infinity*cpe:2.3:a:pexip:pexip_infinity:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pexip	pexip_infinity	*	cpe:2.3:a:pexip:pexip_infinity::::::::

References

docs.pexip.com/admin/security_bulletins.htm#CVE-2022-26656

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS

0.002

Percentile

55.2%

JSON

Related for NVD:CVE-2022-26656

cnvd1 prion1 cvelist1 cve1