How severe is CVE-2022-4006?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-4006?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2022-4006 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213716.

Related Vulnerabilities

CVE-2001-0827

HIGH

CVSS:7.5(High)

Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.

CWE-4002001

CVE-2002-20001

HIGH

CVSS:7.5(High)

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...

CWE-4002002

CVE-2006-1364

HIGH

CVSS:7.5(High)

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (...

CWE-4002006

CVE-2006-5708

HIGH

CVSS:7.5(High)

Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resu...

CWE-4002006

CVE-2006-6025

HIGH

CVSS:7.5(High)

QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the deta...

CWE-4002006

CVE-2007-20001

HIGH

CVSS:7.5(High)

A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iS...

CWE-4002007