CVE-2022-23862

HIGH Year: 2022
CVSS v3 Score
8.4
High
Weakness Type
CWE-306
View all →

Vulnerability Description

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.

Related Vulnerabilities

CVE-2017-8155

HIGH
CVSS:8.4(High)

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor u...

CWE-3062017

CVE-2020-25621

HIGH
CVSS:8.4(High)

An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys a...

CWE-3062020

CVE-2024-27169

HIGH
CVSS:8.4(High)

Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/mode...

CWE-3062024

CVE-2024-27758

HIGH
CVSS:8.4(High)

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that res...

CWE-3062024

CVE-2019-18572

HIGH
CVSS:8.3(High)

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host...

CWE-3062019

CVE-2020-6294

HIGH
CVSS:8.5(High)

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.

CWE-3062020