CVE-2022-22789
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Summary
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Charactell | FormStorm Enterprise | FormStorm Enterprise version 9.00.065 9.00.065 | affected |
Weaknesses
- Account Take Over
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.