CVE-2022-29475

MEDIUM Year: 2022
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-294
View all →

Vulnerability Description

An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Related Vulnerabilities

CVE-2025-47706

MEDIUM
CVSS:4.8(Medium)

Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from ...

CWE-2942025

CVE-2025-48012

MEDIUM
CVSS:4.8(Medium)

Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.

CWE-2942025

CVE-2023-20123

MEDIUM
CVSS:4.6(Medium)

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay...

CWE-2942023

CVE-2020-14302

MEDIUM
CVSS:4.9(Medium)

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the ...

CWE-2942020

CVE-2024-49595

MEDIUM
CVSS:4.9(Medium)

Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this v...

CWE-2942024

CVE-2021-46835

MEDIUM
CVSS:4.3(Medium)

There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.

CWE-2942021