Lucene search
Ubuntu.comUB:CVE-2022-48538HistoryAug 22, 2023 - 12:00 a.m.
CVE-2022-48538
2023-08-2200:00:00
ubuntu.com
ubuntu.com
6
cacti
authentication bypass
web login
improper validation
php code
cacti_ldap_auth
password
unix
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
32.9%
In Cacti 1.2.19, there is an authentication bypass in the web login
functionality because of improper validation in the PHP code:
cacti_ldap_auth() allows a zero as the password.
Related
debiancve
debiancve
CVE-2022-48538
2023-08-22 19:16:31
cve
cve
CVE-2022-48538
2023-08-22 19:16:31
cvelist
cvelist
CVE-2022-48538
2023-08-22 00:00:00
prion
prion
Authentication flaw
2023-08-22 19:16:00
osv
osv
CVE-2022-48538
2023-08-22 19:16:31
veracode
veracode
Authorization Bypass
2023-08-30 22:26:51
nvd
nvd
CVE-2022-48538
2023-08-22 19:16:31
openvas
openvas
Cacti < 1.2.23 Command Injection Vulnerability - Windows
2022-12-06 00:00:00
Cacti < 1.2.23 Multiple Vulnerabilities - Linux
2022-12-06 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
32.9%
Related for UB:CVE-2022-48538