CVE-2022-2457

CWE-3074 documents4 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 56.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Process Automation Manager

Timeline

PublishedAug 10

Latest updateAug 11

Description

A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDredhat/process_automation_manager< 7.13.2

▶CVEListV5red_hat_process_automation_manager_7Fixed in 7.13.2

🔴Vulnerability Details

GHSA

GHSA-f6j2-46v4-qxj3: A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the↗2022-08-11

▶

CVEList

CVE-2022-2457: A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the↗2022-08-09

▶

📋Vendor Advisories

Red Hat

Business-central: admin console prone to brute force attack↗2022-07-18

▶