How severe is CVE-2022-37400?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-37400?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2022-37400 - HIGH Severity | CVSS 8.8

Vulnerability Description

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice

Related Vulnerabilities

CVE-2017-17091

HIGH

CVSS:8.8(High)

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions...

CWE-3302017

CVE-2019-16205

HIGH

CVSS:8.8(High)

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several pos...

CWE-3302019

CVE-2020-27264

HIGH

CVSS:8.8(High)

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which a...

CWE-3302020

CVE-2020-9449

HIGH

CVSS:8.8(High)

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to esc...

CWE-3302020

CVE-2021-22038

HIGH

CVSS:8.8(High)

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This ...

CWE-3302021

CVE-2021-46010

HIGH

CVSS:8.8(High)

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicio...

CWE-3302021