How severe is CVE-2022-1631?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2022-1631?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2022-1631

MEDIUM Year: 2022

CVSS v3 Score

6.8

Medium

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee’s account.

CVE-2016-2167

MEDIUM

CVSS:6.8(Medium)

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate a...

CWE-2842016

CVE-2016-4030

MEDIUM

CVSS:6.8(Medium)

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I...

CWE-2842016

CVE-2016-4031

MEDIUM

CVSS:6.8(Medium)

CWE-2842016

CVE-2016-5610

MEDIUM

CVSS:6.8(Medium)

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability ...

CWE-2842016

CVE-2016-6338

MEDIUM

CVSS:6.8(Medium)

ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restrict...

CWE-2842016

CVE-2017-7918

MEDIUM

CVSS:6.8(Medium)

An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups us...

CWE-2842017

CVE-2022-1631

Vulnerability Description

Related Vulnerabilities

CVE-2016-2167

CVE-2016-4030

CVE-2016-4031

CVE-2016-5610

CVE-2016-6338

CVE-2017-7918