How severe is CVE-2022-48506?

This vulnerability has a severity rating of LOW with a CVSS score of 2.4 out of 10.

What type of vulnerability is CVE-2022-48506?

This is classified as CWE-338, which is a common weakness in software security.

CVE-2022-48506 - LOW Severity | CVSS 2.4

Vulnerability Description

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.

Related Vulnerabilities

CVE-2023-31305

LOW

CVSS:1.9(Low)

Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially r...

CWE-3382023

CVE-2021-3047

LOW

CVSS:3.1(Low)

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability...

CWE-3382021

CVE-2025-46653

LOW

CVSS:3.1(Low)

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographica...

CWE-3382025

CVE-2019-11808

LOW

CVSS:3.7(Low)

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start...

CWE-3382019

CVE-2017-11671

MEDIUM

CVSS:4.0(Medium)

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences ...

CWE-3382017

CVE-2025-27551

MEDIUM

CVSS:4.0(Medium)

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Dige...

CWE-3382025