How severe is CVE-2022-32744?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-32744?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2022-32744

HIGH Year: 2022

CVSS v3 Score

8.8

High

Weakness Type

CWE-290

View all →

Vulnerability Description

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

CVE-2018-16483

HIGH

CVSS:8.8(High)

A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.

CWE-2902018

CVE-2018-5354

HIGH

CVSS:8.8(High)

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, i...

CWE-2902018

CVE-2019-16766

HIGH

CVSS:8.8(High)

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new dev...

CWE-2902019

CVE-2021-31195

HIGH

CVSS:8.8(High)

Microsoft Exchange Server Remote Code Execution Vulnerability

CWE-2902021

CVE-2022-42983

HIGH

CVSS:8.8(High)

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.

CWE-2902022

CVE-2023-32207

HIGH

CVSS:8.8(High)

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunde...

CWE-2902023

CVE-2022-32744

Vulnerability Description

Related Vulnerabilities

CVE-2018-16483

CVE-2018-5354

CVE-2019-16766

CVE-2021-31195

CVE-2022-42983

CVE-2023-32207