CVE-2022-29249 — HIGH (7.5)

Vulnerability Description

JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Javaez Project	Javaez	1.6

Related Weaknesses (CWE)

CWE-328 CWE-326 CWE-327

References

https://github.com/JavaEZLib/JavaEZ/releases/tag/1.7Release NotesThird Party Advisory
https://github.com/JavaEZLib/JavaEZ/security/advisories/GHSA-67fj-6w6m-w5j8Third Party Advisory
https://github.com/JavaEZLib/JavaEZ/releases/tag/1.7Release NotesThird Party Advisory
https://github.com/JavaEZLib/JavaEZ/security/advisories/GHSA-67fj-6w6m-w5j8Third Party Advisory

FAQ

What is CVE-2022-29249?

CVE-2022-29249 is a vulnerability with a CVSS score of 7.5 (HIGH). JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applic...

How severe is CVE-2022-29249?

CVE-2022-29249 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29249?

Check the references section above for vendor advisories and patch information. Affected products include: Javaez Project Javaez.