ByteOS Network

NVD Vulnerability Details :

CVE-2022-25804

Analyzed

Source-cve@mitre.org

Published At-09 Jun, 2022 | 04:15

Updated At-17 Jun, 2022 | 16:00

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 2.1

Base severity: LOW

Vector:

AV:L/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

igel>>universal_management_suite>>6.07.100

cpe:2.3:a:igel:universal_management_suite:6.07.100:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-276	Primary	nvd@nist.gov

CWE ID: CWE-276

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0002.md	cve@mitre.org	Exploit Third Party Advisory
https://www.igel.com/igel-solution-family/universal-management-suite/	cve@mitre.org	Product Vendor Advisory

Hyperlink: https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0002.md

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://www.igel.com/igel-solution-family/universal-management-suite/

Source: cve@mitre.org

Resource:

Product

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History