CVE-2022-38577

High

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to…

mitre·CWE-281·Published 2022-09-19

CVSS

8.8

EPSS

0.02

KEV

Exploits

cve.orgen

179 chars

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.

NVDen

179 chars

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.

Se ha detectado que ProcessMaker versiones anteriores a 3.5.4, contiene permisos inseguros en la página de perfil de usuario. Esta vulnerabilidad permite a atacantes escalar usuarios normales a Administradores

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H