CVE-2022-35629

MEDIUM Year: 2022
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.

Related Vulnerabilities

CVE-2017-3795

MEDIUM
CVSS:5.4(Medium)

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Kn...

CWE-2872017

CVE-2017-6617

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to h...

CWE-2872017

CVE-2018-1999045

MEDIUM
CVSS:5.4(Medium)

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to ...

CWE-2872018

CVE-2019-15617

MEDIUM
CVSS:5.4(Medium)

A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.

CWE-2872019

CVE-2020-12848

MEDIUM
CVSS:5.4(Medium)

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous us...

CWE-2872020

CVE-2021-20578

MEDIUM
CVSS:5.4(Medium)

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199...

CWE-2872021