CVE Vulnerabilities

CVE-2022-30231

Transmission of Private Resources into a New Sphere ('Resource Leak')

Published: Jun 14, 2022 | Modified: Nov 21, 2024
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another users password hash.

Weakness

The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.

Affected Software

Name Vendor Start Version End Version
Sicam_gridedge_essential Siemens * 2.6.6 (excluding)

References