CVE-2022-3187

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.

Related Vulnerabilities

CVE-2016-5063

MEDIUM
CVSS:5.3(Medium)

The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vector...

CWE-2852016

CVE-2016-7651

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intend...

CWE-2852016

CVE-2016-9938

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip...

CWE-2852016

CVE-2018-1113

MEDIUM
CVSS:5.3(Medium)

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemo...

CWE-2852018

CVE-2018-3778

MEDIUM
CVSS:5.3(Medium)

Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.

CWE-2852018

CVE-2018-3829

MEDIUM
CVSS:5.3(Medium)

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous run...

CWE-2852018