CVE-2022-37145

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-08-01 CVE Reserved
  • 2022-09-08 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor: Plextrac
Product: Plextrac
Version: < 1.17.0
Other: -
Status: Affected