How severe is CVE-2022-31014?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2022-31014?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2022-31014

LOW Year: 2022

CVSS v3 Score

3.5

Low

CVSS v2 Score

3.5

Low

Weakness Type

CWE-74

View all →

Vulnerability Description

Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8 , 23.0.5 or 24.0.1. There are no known workarounds for this issue.

CVE-2019-1010310

LOW

CVSS:3.5(Low)

GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users...

CWE-742019

CVE-2019-11275

LOW

CVSS:3.5(Low)

Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior ...

CWE-742019

CVE-2024-10926

MEDIUM

CVSS:3.5(Low)

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Sect...

CWE-742024

CVE-2024-35777

LOW

CVSS:3.5(Low)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from ...

CWE-742024

CVE-2024-8367

MEDIUM

CVSS:3.5(Low)

A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classified as problematic. Affected is an unknown function of...

CWE-742024

CVE-2025-1807

MEDIUM

CVSS:3.5(Low)

A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler....

CWE-742025

CVE-2022-31014

Vulnerability Description

Related Vulnerabilities

CVE-2019-1010310

CVE-2019-11275

CVE-2024-10926

CVE-2024-35777

CVE-2024-8367

CVE-2025-1807