CVE-2022-3738

MEDIUM Year: 2022
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-306
View all →

Vulnerability Description

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

Related Vulnerabilities

CVE-2018-16758

MEDIUM
CVSS:5.9(Medium)

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.

CWE-3062018

CVE-2019-10886

MEDIUM
CVSS:5.9(Medium)

An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attack...

CWE-3062019

CVE-2019-5163

MEDIUM
CVSS:5.9(Medium)

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FA...

CWE-3062019

CVE-2020-13920

MEDIUM
CVSS:5.9(Medium)

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and cal...

CWE-3062020

CVE-2021-28124

MEDIUM
CVSS:5.9(Medium)

A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions ca...

CWE-3062021