CVE-2022-25943

Published Mar 9, 2022

Last updated 3 months ago

Overview

Description
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
Source
vultures@jpcert.or.jp
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
4.6
Impact score
6.4
Exploitability score
3.9
Vector string
AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

vultures@jpcert.or.jp
CWE-276
nvd@nist.gov
CWE-276

Social media

Hype score
Not currently trending

Configurations