How severe is CVE-2022-26340?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2022-26340?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2022-26340 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Related Vulnerabilities

CVE-2017-18875

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.

CWE-7322017

CVE-2017-18876

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.

CWE-7322017

CVE-2018-13025

MEDIUM

CVSS:4.9(Medium)

protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.

CWE-7322018

CVE-2018-14886

MEDIUM

CVSS:4.9(Medium)

The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read...

CWE-7322018

CVE-2018-20420

MEDIUM

CVSS:4.9(Medium)

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directo...

CWE-7322018

CVE-2019-3893

MEDIUM

CVSS:4.9(Medium)

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resourc...

CWE-7322019