CVE-2022-4098

HIGH Year: 2022
CVSS v3 Score
8.0
High
Weakness Type
CWE-290
View all →

Vulnerability Description

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device.

Related Vulnerabilities

CVE-2023-34329

HIGH
CVSS:8.0(High)

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidenti...

CWE-2902023

CVE-2017-16897

HIGH
CVSS:8.1(High)

A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate thei...

CWE-2902017

CVE-2020-2002

HIGH
CVSS:8.1(High)

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distri...

CWE-2902020

CVE-2022-0030

HIGH
CVSS:8.1(High)

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impers...

CWE-2902022

CVE-2022-30319

HIGH
CVSS:8.1(High)

Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected...

CWE-2902022