CVE-2022-26310

EPSS 0.32%
Published 01.08.2022 13:15:10
Last modified 21.11.2024 06:53:44
Source security@pandorafms.com
Teams watchlist Login
Open Login

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Pandorafms ≫ Pandora Fms Version <= 7.0_ng_760

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.548

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@pandorafms.com	7.3	2.1	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Vendor Advisory

https://www.incibe.es/en/cve-assignment-publication/coordinated-cves

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-26310

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26310

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26310

EUVD