CVE-2022-25577
Published Mar 25, 2022
Last updated 3 years ago
Overview
- Description
- ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-798
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alf-banco:alf-banco:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF4177EB-9609-4DC3-B02C-87E290B24DAA",
"versionEndIncluding": "8.2.5",
"versionStartIncluding": "8.2.3"
}
],
"operator": "OR"
}
]
}
]