CVE-2022-46383

EUVD-2022-49192
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CISA-ADP | ADP | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score
Percentile: 66%
Affected Products (NVD)
| Vendor | Product | Version |
| --- | --- | --- |
| rackn | digital_rebar | 𝑥 ≤ 4.6.14 |
| rackn | digital_rebar | 4.7 ≤ 𝑥 ≤ 4.7.22 |
| rackn | digital_rebar | 4.8 ≤ 𝑥 ≤ 4.8.5 |
| rackn | digital_rebar | 4.9 ≤ 𝑥 ≤ 4.9.12 |
| rackn | digital_rebar | 4.10 ≤ 𝑥 ≤ 4.10.8 |

𝑥 = Vulnerable software versions