CVE-2022-46383

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS Score: Percentile: 45%

| Vendor | Product | Version |
| --- | --- | --- |
| rackn | digital_rebar | 𝑥 ≤ 4.6.14 |
| rackn | digital_rebar | 4.7 ≤ 𝑥 ≤ 4.7.22 |
| rackn | digital_rebar | 4.8 ≤ 𝑥 ≤ 4.8.5 |
| rackn | digital_rebar | 4.9 ≤ 𝑥 ≤ 4.9.12 |
| rackn | digital_rebar | 4.10 ≤ 𝑥 ≤ 4.10.8 |

𝑥 = Vulnerable software versions