CVE-2022-4006

2022-11-1522:15:19

CWE-400

CWE-307

[email protected]

web.nvd.nist.gov

cve-2022-4006

wbce cms

vulnerability

excessive authentication attempts

remote attack

patch

vdb-213716

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

48.5%

JSON

A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213716.

Affected configurations

NVD

Node

wbcewbce_cmsMatch-

CPENameOperatorVersion
wbce:wbce_cmswbce wbce cmseq-

CPE	Name	Operator	Version
wbce:wbce_cms	wbce wbce cms	eq	-

CNA Affected

[
  {
    "vendor": "WBCE",
    "product": "CMS",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]