How severe is CVE-2022-2226?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-2226?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2022-2226 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.

Related Vulnerabilities

CVE-2019-20626

MEDIUM

CVSS:6.5(Medium)

The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack.

CWE-2942019

CVE-2020-26172

MEDIUM

CVSS:6.5(Medium)

Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration t...

CWE-2942020

CVE-2020-28713

MEDIUM

CVSS:6.5(Medium)

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker ...

CWE-2942020

CVE-2022-30466

MEDIUM

CVSS:6.5(Medium)

joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay.

CWE-2942022

CVE-2022-45914

MEDIUM

CVSS:6.5(Medium)

The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to c...

CWE-2942022

CVE-2023-33281

MEDIUM

CVSS:6.5(Medium)

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reprodu...

CWE-2942023