Lucene search

[email protected]NVD:CVE-2022-4006

HistoryNov 15, 2022 - 10:15 p.m.

CVE-2022-4006

2022-11-1522:15:19

CWE-307

CWE-400

[email protected]

web.nvd.nist.gov

wbce cms

header handler

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

48.5%

JSON

A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The name of the patch is d394ba39a7bfeb31eda797b6195fd90ef74b2e75. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213716.

Affected configurations

Nvd

Node

wbcewbce_cmsMatch-

VendorProductVersionCPE
wbcewbce_cms-cpe:2.3:a:wbce:wbce_cms:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wbce	wbce_cms	-	cpe:2.3:a:wbce:wbce_cms:-:::::::*

References

github.com/wbce/wbce_cms/commit/d394ba39a7bfeb31eda797b6195fd90ef74b2e75

github.com/WBCE/WBCE_CMS/issues/524

vuldb.com/?id.213716

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

48.5%

JSON

Related for NVD:CVE-2022-4006

prion1 osv1 cvelist1 cnvd1 cve1