CVE-2022-2393

MEDIUM Year: 2022
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

Related Vulnerabilities

CVE-2018-20945

MEDIUM
CVSS:5.7(Medium)

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).

CWE-2852018

CVE-2021-25507

MEDIUM
CVSS:5.7(Medium)

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Fo...

CWE-2852021

CVE-2025-29778

MEDIUM
CVSS:5.8(Medium)

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with ke...

CWE-2852025

CVE-2025-0580

MEDIUM
CVSS:5.6(Medium)

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api...

CWE-2852025

CVE-2017-8252

MEDIUM
CVSS:5.5(Medium)

Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electr...

CWE-2852017

CVE-2018-9867

MEDIUM
CVSS:5.5(Medium)

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download ...

CWE-2852018