CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
20.6%
Vulnerability in HashiCorp Vault and Vault Enterprise enterprise information archiving platforms
is related to errors in the certificate authentication procedure. Exploitation of the vulnerability could
allow an attacker acting remotely to bypass the authentication process
Vulnerability in the max_request_duration component of the HashiCorp Enterprise Information Archiving Platforms
Vault and Vault Enterprise platforms is related to unlimited resource allocation when processing HTTP requests.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
Vulnerability in the TLS protocol validation component of enterprise information archiving platforms
HashiCorp Vault and Vault Enterprise is related to incorrect handling of exceptional states.
Exploitation of the vulnerability could allow an attacker to bypass the authentication process
Vulnerability of HashiCorp Vault and Vault Enterprise enterprise information archiving platforms
is related to incorrect assignment of permissions for a critical resource. Exploitation of the vulnerability could
allow a remote attacker to escalate privileges
Vulnerability in HashiCorp Vault and Vault Enterprise enterprise information archiving platforms
is related to memory freeing errors. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
remotely to cause a denial of service
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
20.6%