How severe is CVE-2022-3741?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.4 out of 10.

What type of vulnerability is CVE-2022-3741?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2022-3741 - CRITICAL Severity | CVSS 9.4

Vulnerability Description

Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.

Related Vulnerabilities

CVE-2020-10285

CRITICAL

CVSS:9.4(Critical)

The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to...

CWE-3072020

CVE-2022-3945

CRITICAL

CVSS:9.4(Critical)

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.

CWE-3072022

CVE-2024-9832

CRITICAL

CVSS:9.3(Critical)

There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthori...

CWE-3072024

CVE-2019-20031

CRITICAL

CVSS:9.1(Critical)

NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing b...

CWE-3072019

CVE-2022-36413

CRITICAL

CVSS:9.1(Critical)

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.

CWE-3072022

CVE-2022-45790

CRITICAL

CVSS:9.1(Critical)

The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected m...

CWE-3072022