How severe is CVE-2022-38699?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2022-38699?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2022-38699

MEDIUM Year: 2022

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-59

View all →

Vulnerability Description

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.

CVE-2018-1196

MEDIUM

CVSS:5.9(Medium)

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 ...

CWE-592018

CVE-2019-13636

MEDIUM

CVSS:5.9(Medium)

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.

CWE-592019

CVE-2022-43293

MEDIUM

CVSS:5.9(Medium)

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.

CWE-592022

CVE-2020-14367

MEDIUM

CVSS:6.0(Medium)

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when ...

CWE-592020