How severe is CVE-2022-29161?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-29161?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2022-29161 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module.

Related Vulnerabilities

CVE-2007-6013

CRITICAL

CVSS:9.8(Critical)

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gene...

CWE-3272007

CVE-2012-4449

CRITICAL

CVSS:9.8(Critical)

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-depend...

CWE-3272012

CVE-2014-8687

CRITICAL

CVSS:9.8(Critical)

Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens...

CWE-3272014

CVE-2014-9969

CRITICAL

CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.

CWE-3272014

CVE-2016-6602

CRITICAL

CVSS:9.8(Critical)

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/s...

CWE-3272016

CVE-2017-17717

CRITICAL

CVSS:9.8(Critical)

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

CWE-3272017