CVE-2022-25518 — MEDIUM (6.5)

Q: How severe is CVE-2022-25518?

CVE-2022-25518 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-25518?

Check the references section above for vendor advisories and patch information. Affected products include: Tecnoteca Cmdbuild.

Vulnerability Description

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Tecnoteca	Cmdbuild	>= 3.0, <= 3.3.2

Related Weaknesses (CWE)

CWE-532

References

https://www.cmdbuild.org/en/reference/news/cmdbuild-3-3-3-intermediate-release-vRelease NotesVendor Advisory
https://www.cmdbuild.org/en/reference/news/cmdbuild-3-3-3-intermediate-release-vRelease NotesVendor Advisory

FAQ

What is CVE-2022-25518?

CVE-2022-25518 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by...

How severe is CVE-2022-25518?

CVE-2022-25518 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-25518?

Check the references section above for vendor advisories and patch information. Affected products include: Tecnoteca Cmdbuild.