7.5

CVE-2022-37145

EPSS 0.93%
Veröffentlicht 08.09.2022 01:15:07
Zuletzt bearbeitet 21.11.2024 07:14:31
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Plextrac ≫ Plextrac Version < 1.17.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.93%	0.753

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

http://plextrac.com

Product

https://www.controlgap.com/blog/a-plextrac-story

Third Party Advisory

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2022-37145

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37145

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37145

EUVD