How severe is CVE-2022-29174?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-29174?

This is classified as CWE-640, which is a common weakness in software security.

CVE-2022-29174 - HIGH Severity | CVSS 8.1

Vulnerability Description

countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this information to reset the password and take over the account. The problem has been patched in Countly Server version 22.03.7 for servers using the new user interface and in 21.11.4 for servers using the old user interface.

Related Vulnerabilities

CVE-2014-6412

HIGH

CVSS:8.1(High)

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

CWE-6402014

CVE-2017-0921

HIGH

CVSS:8.1(High)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account tak...

CWE-6402017

CVE-2017-8613

HIGH

CVSS:8.1(High)

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Az...

CWE-6402017

CVE-2018-1000812

HIGH

CVSS:8.1(High)

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45...

CWE-6402018

CVE-2018-12579

HIGH

CVSS:8.1(High)

An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1....

CWE-6402018

CVE-2019-12943

HIGH

CVSS:8.1(High)

TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.

CWE-6402019