How severe is CVE-2022-31120?

This vulnerability has a severity rating of LOW with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2022-31120?

This is classified as CWE-778, which is a common weakness in software security.

CVE-2022-31120 - LOW Severity | CVSS 2.7

Vulnerability Description

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.

Related Vulnerabilities

CVE-2024-24901

LOW

CVSS:2.3(Low)

Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messa...

CWE-7782024

CVE-2021-32680

LOW

CVSS:3.3(Low)

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for th...

CWE-7782021

CVE-2021-33689

LOW

CVSS:3.5(Low)

When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, securit...

CWE-7782021

CVE-2019-19295

MEDIUM

CVSS:4.3(Medium)

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based co...

CWE-7782019

CVE-2022-25783

MEDIUM

CVSS:4.3(Medium)

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.

CWE-7782022

CVE-2024-2291

MEDIUM

CVSS:4.3(Medium)

In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticate...

CWE-7782024