How severe is CVE-2022-43451?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-43451?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2022-43451

MEDIUM Year: 2022

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-287

View all →

Vulnerability Description

OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges.

CVE-2009-1596

MEDIUM

CVSS:6.5(Medium)

Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intende...

CWE-2872009

CVE-2012-1258

MEDIUM

CVSS:6.5(Medium)

cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with adminis...

CWE-2872012

CVE-2015-4987

MEDIUM

CVSS:6.5(Medium)

The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896.

CWE-2872015

CVE-2015-5298

MEDIUM

CVSS:6.5(Medium)

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps d...

CWE-2872015