How severe is CVE-2022-27889?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2022-27889?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2022-27889 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.

Related Vulnerabilities

CVE-2018-3739

CRITICAL

CVSS:9.1(Critical)

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed i...

CWE-4002018

CVE-2018-3767

CRITICAL

CVSS:9.1(Critical)

`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.

CWE-4002018

CVE-2019-9750

CRITICAL

CVSS:9.1(Critical)

In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic i...

CWE-4002019

CVE-2022-24118

CRITICAL

CVSS:9.1(Critical)

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7...

CWE-4002022

CVE-2024-45163

CRITICAL

CVSS:9.1(Critical)

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an...

CWE-4002024

CVE-2024-8892

CRITICAL

CVSS:9.1(Critical)

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, withou...

CWE-4002024