How severe is CVE-2022-31085?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-31085?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2022-31085 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.

Related Vulnerabilities

CVE-2010-3292

MEDIUM

CVSS:5.5(Medium)

The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to ...

CWE-3112010

CVE-2012-5474

MEDIUM

CVSS:5.5(Medium)

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret k...

CWE-3112012

CVE-2018-6975

MEDIUM

CVSS:5.5(Medium)

The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.

CWE-3112018

CVE-2019-15704

MEDIUM

CVSS:5.5(Medium)

A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SS...

CWE-3112019

CVE-2019-16206

MEDIUM

CVSS:5.5(Medium)

The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker ...

CWE-3112019

CVE-2019-16210

MEDIUM

CVSS:5.5(Medium)

Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.

CWE-3112019