Skip to main content

Rdiffweb CVE-2022-3327

CRITICAL
Missing Authentication for Critical Function (CWE-306)
2022-10-20 security@huntr.dev
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 20, 2022 - 00:15 nvd
CRITICAL 9.8

DescriptionNVD

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.

AnalysisAI

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. Affected products include: Ikus-Soft Rdiffweb. Version information: prior to 2.5.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Require authentication for all sensitive operations, implement defense in depth.

CVE-2022-4724 CRITICAL POC
9.8 Dec 27

Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated critical severity (CVSS 9.8), this v

CVE-2022-4719 CRITICAL POC
9.8 Dec 27

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated critical severity (CVSS 9.8), this vul

CVE-2022-4314 CRITICAL POC
9.8 Dec 12

Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. Rated critical severity (CVSS 9.8),

CVE-2022-3362 CRITICAL POC
9.8 Nov 14

Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. Rated critical severity (CVSS 9.8)

CVE-2022-3273 CRITICAL POC
9.8 Oct 06

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. Rated criti

CVE-2022-3269 CRITICAL POC
9.8 Sep 23

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2023-5289 HIGH POC
8.8 Sep 29

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. Rated high se

CVE-2022-3221 HIGH POC
8.8 Sep 15

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3. Rated high severity (CVSS 8.8),

CVE-2022-3179 HIGH POC
8.8 Sep 13

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. Rated high severity (CVSS 8.8), this vu

CVE-2022-3167 HIGH POC
8.8 Sep 08

Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. Rated high se

CVE-2022-3389 HIGH POC
7.5 Oct 06

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. Rated high severity (CVSS 7.5), this vulnerability

CVE-2022-3371 HIGH POC
7.5 Sep 30

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. Rated high

Share

CVE-2022-3327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy