CVE-2022-25518

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
tecnotecacmdbuild
3.0 ≤
𝑥
≤ 3.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cmdbuild.org/en/reference/news/cmdbuild-3-3-3-intermediate-release-vulnerability-patch
https://www.cmdbuild.org/en/reference/news/cmdbuild-3-3-3-intermediate-release-vulnerability-patch