CVE-2022-25804

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-276
View all →

Vulnerability Description

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.

Related Vulnerabilities

CVE-2002-1713

MEDIUM
CVSS:5.5(Medium)

The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.

CWE-2762002

CVE-2012-6136

MEDIUM
CVSS:5.5(Medium)

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

CWE-2762012

CVE-2013-1425

MEDIUM
CVSS:5.5(Medium)

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

CWE-2762013

CVE-2013-4281

MEDIUM
CVSS:5.5(Medium)

In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

CWE-2762013

CVE-2017-6404

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.

CWE-2762017

CVE-2017-7761

MEDIUM
CVSS:5.5(Medium)

The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), pr...

CWE-2762017