How severe is CVE-2022-26355?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2022-26355?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2022-26355 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.

Related Vulnerabilities

CVE-2014-2387

MEDIUM

CVSS:4.4(Medium)

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

CWE-6682014

CVE-2021-1423

MEDIUM

CVSS:4.4(Medium)

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulne...

CWE-6682021

CVE-2022-27817

MEDIUM

CVSS:4.4(Medium)

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality.

CWE-6682022

CVE-2019-10365

MEDIUM

CVSS:4.3(Medium)

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permi...

CWE-6682019

CVE-2019-16518

MEDIUM

CVSS:4.3(Medium)

An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energ...

CWE-6682019

CVE-2020-26086

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an ...

CWE-6682020