Lucene search

[email protected]NVD:CVE-2022-22789

HistoryJan 25, 2022 - 8:15 p.m.

CVE-2022-22789

2022-01-2520:15:08

CWE-312

[email protected]

web.nvd.nist.gov

charactell

formstorm

account takeover

passwords

cleartext

obfuscated

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.

Affected configurations

Nvd

Node

charactellformstormMatch9.00.065enterprise

VendorProductVersionCPE
charactellformstorm9.00.065cpe:2.3:a:charactell:formstorm:9.00.065:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
charactell	formstorm	9.00.065	cpe:2.3:a:charactell:formstorm:9.00.065::::enterprise:::

References

www.gov.il/en/departments/faq/cve_advisories

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2022-22789

cvelist1 prion1 cve1