CVE-2022-4771401.02.2023, 14:15Last Yard 22.09.8-1 does not enforce HSTS headersEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST9.8 CRITICALNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HmitreCNA------CVEADP------CISA-ADPADP9.8 CRITICALNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBase ScoreCVSS 3.xEPSS ScorePercentile: 13%VendorProductVersionlastyardlast_yard22.09.8-1𝑥= Vulnerable software versionsKnown Exploits!https://github.com/l00neyhacker/CVE-2022-47714https://github.com/l00neyhacker/CVE-2022-47714Common Weakness EnumerationCWE-319 - Cleartext Transmission of Sensitive InformationThe software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.Referenceshttps://github.com/l00neyhacker/CVE-2022-47714https://github.com/l00neyhacker/CVE-2022-47714