exploitDog

CVE-2022-37145

Опубликовано: 08 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.

Ссылки

http://plextrac.com
Product
https://www.controlgap.com/blog/a-plextrac-story
Technical Description
Third Party Advisory
http://plextrac.com
Product
https://www.controlgap.com/blog/a-plextrac-story
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:plextrac:plextrac:*:*:*:*:*:*:*:*

Версия до 1.17.0 (исключая)

EPSS

Процентиль: 76%

0.00932

Низкий

7.5 High

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-9825-85h5-5w5p

CVSS3: 7.5

github

больше 3 лет назад

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.

EPSS

Процентиль: 76%

0.00932

Низкий

7.5 High

CVSS3

Дефекты

CWE-307