Lucene search
GoogleOSV:CVE-2022-43340HistoryOct 27, 2022 - 8:15 p.m.
CVE-2022-43340
2022-10-2720:15:34
Google
osv.dev
3
cve-2022-43340
cross-site request forgery
dzzoffice
user accounts
administrator rights
software vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.002
Percentile
58.5%
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
Related
prion
prion
Cross site request forgery (csrf)
2022-10-27 20:15:00
cvelist
cvelist
CVE-2022-43340
2022-10-27 00:00:00
nvd
nvd
CVE-2022-43340
2022-10-27 20:15:34
cve
cve
CVE-2022-43340
2022-10-27 20:15:34
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.002
Percentile
58.5%
Related for OSV:CVE-2022-43340