CVE-2022-26310

Published: Aug 1, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.

Affected (1)

Products: Pandorafms: Pandora Fms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pandorafms Pandora Fms	Up to 7.0_ng_760

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Source: security@pandorafms.com

Vendor Advisory

https://www.incibe.es/en/cve-assignment-publication/coordinated-cves

Source: security@pandorafms.com

Third Party Advisory

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.incibe.es/en/cve-assignment-publication/coordinated-cves

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.