exploitDog

CVE-2022-25518

Опубликовано: 22 мар. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.

Ссылки

https://www.cmdbuild.org/en/reference/news/cmdbuild-3-3-3-intermediate-release-vulnerability-patch
Release Notes
Vendor Advisory
https://www.cmdbuild.org/en/reference/news/cmdbuild-3-3-3-intermediate-release-vulnerability-patch
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tecnoteca:cmdbuild:*:*:*:*:*:*:*:*

Версия от 3.0 (включая) до 3.3.2 (включая)

EPSS

Процентиль: 55%

0.00327

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-rqj8-p2p7-jm55

CVSS3: 6.5

github

почти 4 года назад

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.

EPSS

Процентиль: 55%

0.00327

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532