Lucene search

HackeroneCVELIST:CVE-2022-44569

HistoryNov 03, 2023 - 6:13 p.m.

CVE-2022-44569

2023-11-0318:13:19

hackerone

www.cve.org

insecure communication

local attacker

authentication bypass

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

Percentile

9.0%

JSON

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Automation",
    "versions": [
      {
        "version": "2023.4",
        "status": "affected",
        "lessThan": "2023.4",
        "versionType": "semver"
      }
    ]
  }
]

References

help.ivanti.com/res/help/en_US/IA/2023/Admin/Content/relnotes.htm

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2022-44569