Vulnerability Description
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haystacksoftware | Arq Backup | <= 7.19.5.0 |
Related Weaknesses (CWE)
References
- https://startrekdude.github.io/arqbackup.html (Mailing List, Third Party Advisory)
- https://www.arqbackup.com/download/arqbackup/arq7windows_release_notes.html (Release Notes, Vendor Advisory)
FAQ
What is CVE-2022-36617?
CVE-2022-36617 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords.
How severe is CVE-2022-36617?
CVE-2022-36617 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36617?
Check the references section above for vendor advisories and patch information. Affected products include: Haystacksoftware Arq Backup.