CVE-2022-22987

Critical

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server…

icscert·CWE-321·Published 2022-02-04

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

170 chars

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.

NVDen

170 chars

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.

El producto afectado presenta una clave privada embebida dentro de la carpeta del proyecto, que puede permitir a un atacante lograr el inicio de sesión en el servidor web y llevar a cabo otras acciones

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H