How severe is CVE-2022-25768?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-25768?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2022-25768

MEDIUM Year: 2022

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-287

View all →

Vulnerability Description

The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.

CVE-2009-1596

MEDIUM

CVSS:6.5(Medium)

Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intende...

CWE-2872009

CVE-2012-1258

MEDIUM

CVSS:6.5(Medium)

cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with adminis...

CWE-2872012

CVE-2015-4987

MEDIUM

CVSS:6.5(Medium)

The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896.

CWE-2872015

CVE-2015-5298

MEDIUM

CVSS:6.5(Medium)

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps d...

CWE-2872015