CVE-2022-3100 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
redhat	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	5.9 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Vendor	Product	Version
openstack	barbican	-
redhat	openstack	16.1
redhat	openstack	16.2
redhat	openstack_for_ibm_power	16.1
redhat	openstack_for_ibm_power	16.2
redhat	openstack_platform	13.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

barbican

bullseye (security)	1:11.0.0-3+deb11u1 fixed
bullseye	1:11.0.0-3+deb11u1 fixed
bookworm	1:15.0.1-2 fixed
sid	1:19.0.0-1 fixed
trixie	1:19.0.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

barbican

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	Fixed 2:14.0.0-0ubuntu1.1 released
focal	Fixed 1:10.1.0-0ubuntu2.2 released
bionic	Fixed 1:6.0.1-0ubuntu1.2 released
xenial	needed
trusty	ignored

Common Weakness Enumeration

CWE-305 - Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

References

https://access.redhat.com/security/cve/CVE-2022-3100

https://access.redhat.com/security/cve/CVE-2022-3100