How severe is CVE-2022-4641?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-4641?

This is classified as CWE-377, which is a common weakness in software security.

CVE-2022-4641 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500.

Related Vulnerabilities

CVE-2016-9595

MEDIUM

CVSS:5.5(Medium)

A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them ...

CWE-3772016

CVE-2017-15111

MEDIUM

CVSS:5.5(Medium)

keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.

CWE-3772017

CVE-2017-7560

MEDIUM

CVSS:5.5(Medium)

It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.

CWE-3772017

CVE-2018-17955

MEDIUM

CVSS:5.5(Medium)

In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection

CWE-3772018

CVE-2018-19637

MEDIUM

CVSS:5.5(Medium)

Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection

CWE-3772018

CVE-2018-19640

MEDIUM

CVSS:5.5(Medium)

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local mach...

CWE-3772018