CVE-2022-33663

CWE-284Improper Access ControlCWE-327Broken Cryptographic AlgorithmCWE-3477 documents6 sources
Severity
6.5MEDIUM
EPSS
0.8%
top 25.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Azure Site Recovery Vmware TO Azure
Timeline
PublishedJul 12
Latest updateJun 9

Description

Azure Site Recovery Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

4
GHSA
Authlib has algorithm confusion with asymmetric public keys2024-06-09
GHSA
python-jose algorithm confusion with OpenSSH ECDSA keys2024-04-26
GHSA
GHSA-v5f2-6j8h-cj5q: Azure Site Recovery Elevation of Privilege Vulnerability2022-07-13
CVEList
Azure Site Recovery Elevation of Privilege Vulnerability2022-07-12

📋Vendor Advisories

2
Red Hat
python-jose: algorithm confusion with OpenSSH ECDSA keys and other key formats2024-04-26
Microsoft
Azure Site Recovery Elevation of Privilege Vulnerability2022-07-12
CVE-2022-33663 (MEDIUM CVSS 6.5) | Azure Site Recovery Elevation of Pr | cvebase.io