CVE-2022-3273 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@huntrdev	CNA	3.6 LOW	PHYSICAL	LOW	HIGH	CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Affected Products (NVD)

Vendor	Product	Version
ikus-soft	rdiffweb	𝑥 ≤ 2.4.10
ikus-soft	rdiffweb	2.5.0:alpha1
ikus-soft	rdiffweb	2.5.0:alpha2
ikus-soft	rdiffweb	2.5.0:alpha3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
CWE-326 - Inadequate Encryption Strength
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8

https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6

https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8

https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6