How severe is CVE-2022-41961?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2022-41961?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2022-41961

MEDIUM Year: 2022

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-345

View all →

Vulnerability Description

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered users from the same extId. This issue has been fixed by improving permissions such that banning a user removes all users related to their extId, including registered users that have not joined the meeting. This issue is patched in versions 2.4-rc-6 and 2.5-alpha-1. There are no workarounds.

CVE-2017-7674

MEDIUM

CVSS:4.3(Medium)

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origi...

CWE-3452017

CVE-2018-2434

MEDIUM

CVSS:4.3(Medium)

A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1...

CWE-3452018

CVE-2021-21320

MEDIUM

CVSS:4.3(Medium)

matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected ...

CWE-3452021

CVE-2021-21588

MEDIUM

CVSS:4.3(Medium)

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking...

CWE-3452021

CVE-2021-24825

MEDIUM

CVSS:4.3(Medium)

The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display ar...

CWE-3452021

CVE-2021-29963

MEDIUM

CVSS:4.3(Medium)

Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerab...

CWE-3452021

CVE-2022-41961

Vulnerability Description

Related Vulnerabilities

CVE-2017-7674

CVE-2018-2434

CVE-2021-21320

CVE-2021-21588

CVE-2021-24825

CVE-2021-29963