Home > Vulnerability Database > CVE-2022-26310

Mend.io Vulnerability Database

CVE-2022-26310

Date: August 1, 2022

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.

Language: PHP

Severity Score

7.3

Related Resources (4)

Url: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Url: https://www.incibe.es/en/cve-assignment-publication/coordinated-cves

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-26310

Url: https://www.mend.io/vulnerability-database/CVE-2022-26310

Severity Score

7.3

Weakness Type (CWE)

Improper Authorization

CWE-285

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-26310

Date: August 1, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?