Aug 10, 2022 - 8:15 p.m.

CVE-2022-2457

2022-08-10 20:15:36
CWE-307
web.nvd.nist.gov
red hat
process automation manager
cve-2022-2457
security
flaw
brute force
nvd

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.3 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 54.0%)

A flaw was found in Red Hat Process Automation Manager 7: the Administration Console does not limit the number of unsuccessful login attempts, so an attacker can mount a brute-force attack against it.

Affected configurations

Node: redhat process_automation_manager, Range 7.13.2

Vendor: redhat
Product: process_automation_manager
Version: *
CPE: cpe:2.3:a:redhat:process_automation_manager:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Red Hat Process Automation Manager 7",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 7.13.2"
      }
    ]
  }
]
