Lucene search
GoogleOSV:CVE-2022-48538HistoryAug 22, 2023 - 7:16 p.m.
CVE-2022-48538
2023-08-2219:16:31
Google
osv.dev
7
cacti
authentication bypass
web login
improper validation
php code
cacti_ldap_auth
software
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
7.5
Confidence
Low
EPSS
0.001
Percentile
32.9%
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
Related
debiancve
debiancve
CVE-2022-48538
2023-08-22 19:16:31
cve
cve
CVE-2022-48538
2023-08-22 19:16:31
cvelist
cvelist
CVE-2022-48538
2023-08-22 00:00:00
ubuntucve
ubuntucve
CVE-2022-48538
2023-08-22 00:00:00
prion
prion
Authentication flaw
2023-08-22 19:16:00
veracode
veracode
Authorization Bypass
2023-08-30 22:26:51
nvd
nvd
CVE-2022-48538
2023-08-22 19:16:31
openvas
openvas
Cacti < 1.2.23 Command Injection Vulnerability - Windows
2022-12-06 00:00:00
Cacti < 1.2.23 Multiple Vulnerabilities - Linux
2022-12-06 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
7.5
Confidence
Low
EPSS
0.001
Percentile
32.9%
Related for OSV:CVE-2022-48538