CVE-2022-37145 — HIGH (7.5)

Q: How severe is CVE-2022-37145?

CVE-2022-37145 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-37145?

Check the references section above for vendor advisories and patch information. Affected products include: Plextrac Plextrac.

Vulnerability Description

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Plextrac	Plextrac	< 1.17.0

Related Weaknesses (CWE)

CWE-307

References

http://plextrac.comProduct
https://www.controlgap.com/blog/a-plextrac-storyTechnical DescriptionThird Party Advisory
http://plextrac.comProduct
https://www.controlgap.com/blog/a-plextrac-storyTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2022-37145?

CVE-2022-37145 is a vulnerability with a CVSS score of 7.5 (HIGH). The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacke...

How severe is CVE-2022-37145?

CVE-2022-37145 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-37145?

Check the references section above for vendor advisories and patch information. Affected products include: Plextrac Plextrac.