Home > Vulnerability Database > CVE-2022-24860

Mend.io Vulnerability Database

CVE-2022-24860

Date: April 19, 2022

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP addresses.

Language: Java

Severity Score

7.4

Related Resources (7)

Url: https://user-images.githubusercontent.com/75008428/163742566-a69c91e8-db20-4058-8967-1cfe86facc6d.png

Url: https://user-images.githubusercontent.com/75008428/163742596-5c13153a-be8f-4ce3-9681-bc68b5f7e9c5.png

Url: https://github.com/vran-dev/databasir/security/advisories/GHSA-9prp-5jc9-jpgg

Url: https://github.com/vran-dev/databasir/blob/master/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24860

Url: https://user-images.githubusercontent.com/75008428/163742517-ecc1c787-1ef6-4df9-bdf2-407b2b31e111.png

Url: https://www.mend.io/vulnerability-database/CVE-2022-24860

Severity Score

7.4

Weakness Type (CWE)

Use of Hard-coded Credentials

CWE-798

Use of Hard-coded Cryptographic Key

CWE-321

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-24860

Date: April 19, 2022

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?