CVE-2022-23232

EPSS 0.34%
Published 04.03.2022 18:15:08
Last modified 21.11.2024 06:48:14
Source security-alert@netapp.com
Teams watchlist Login
Open Login

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale).

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Netapp ≫ Storagegrid Version < 11.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.535

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

https://security.netapp.com/advisory/NTAP-20220303-0009/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-23232

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23232

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23232

EUVD