CVE-2022-3229

CRITICAL Year: 2022
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-285
View all →

Vulnerability Description

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.

Related Vulnerabilities

CVE-2015-3954

CRITICAL
CVSS:9.8(Critical)

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges o...

CWE-2852015

CVE-2015-5463

CRITICAL
CVSS:9.8(Critical)

AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through ar...

CWE-2852015

CVE-2016-0922

CRITICAL
CVSS:9.8(Critical)

EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.

CWE-2852016

CVE-2016-10734

CRITICAL
CVSS:9.8(Critical)

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.

CWE-2852016

CVE-2016-5799

CRITICAL
CVSS:9.8(Critical)

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain acce...

CWE-2852016

CVE-2016-6825

CRITICAL
CVSS:9.8(Critical)

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC6...

CWE-2852016