Home > Vulnerability Database > CVE-2022-2393

Mend.io Vulnerability Database

CVE-2022-2393

Date: July 14, 2022

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

Severity Score

5.7

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2393

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2101046

Url: https://access.redhat.com/security/cve/CVE-2022-2393

Url: https://access.redhat.com/errata/RHSA-2022:7077

Url: https://access.redhat.com/errata/RHSA-2022:7086

Url: https://security-tracker.debian.org/tracker/CVE-2022-2393

Url: https://www.mend.io/vulnerability-database/CVE-2022-2393

Severity Score

5.7

Weakness Type (CWE)

Authentication Issues

CWE-287

Improper Authorization

CWE-285

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-2393

Date: July 14, 2022

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?