Lucene search

[email protected]NVD:CVE-2022-41471

HistoryOct 17, 2022 - 2:15 p.m.

CVE-2022-41471

2022-10-1714:15:13

[email protected]

web.nvd.nist.gov

74cmsse v3.12.0

authentication flaw

unauthorized privilege escalation

super administrator account

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

19.8%

JSON

74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.

Affected configurations

Nvd

Node

74cms74cmsseMatch3.12.0

VendorProductVersionCPE
74cms74cmsse3.12.0cpe:2.3:a:74cms:74cmsse:3.12.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
74cms	74cmsse	3.12.0	cpe:2.3:a:74cms:74cmsse:3.12.0:::::::*

References

github.com/xxhzz1/74cmsSE-Improper-permission-configuration-vulnerability/issues/1

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

19.8%

JSON

Related for NVD:CVE-2022-41471

prion1 cve1 cvelist1