CVE-2022-37026

2022-09-2114:15:11

Google

osv.dev

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.9%

JSON

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.

CPENameOperatorVersion
otpeqOTP-17.5.3
otpeqOTP-19.3.6.8
otpeqOTP-19.0.2
otpeqOTP-18.3.4.7
otpeqOTP-22.2.4
otpeqOTP-22.3.4.5
otpeqOTP-21.3.4
otpeqOTP-22.1.1
otpeqOTP-22.3.4.11
otpeqOTP-20.2

Name	Operator	Version
otp	eq	OTP-17.5.3
otp	eq	OTP-19.3.6.8
otp	eq	OTP-19.0.2
otp	eq	OTP-18.3.4.7
otp	eq	OTP-22.2.4
otp	eq	OTP-22.3.4.5
otp	eq	OTP-21.3.4
otp	eq	OTP-22.1.1
otp	eq	OTP-22.3.4.11
otp	eq	OTP-20.2