CVE-2022-30935

Severity: Critical
Year: 2022
CVSS v3 Score: 9.1 (Critical)

Vulnerability Description

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well.

CVSS: 9.1 (Critical)

Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness

CVSS: 9.1 (Critical)

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Ve...

CVSS: 9.1 (Critical)

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket c...