CVE-2022-22789

Charactell - FormStorm Enterprise Account takeover  An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
INCDCNA
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
charactellformstorm
9.00.065
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.gov.il/en/departments/faq/cve_advisories
https://www.gov.il/en/departments/faq/cve_advisories