Vulnerability Details : CVE-2022-38577
Potential exploit
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.
Products affected by CVE-2022-38577
- cpe:2.3:a:processmaker:processmaker:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-38577
- 16.16%: probability of exploitation activity in the next 30 days
- ~94%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-38577
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2022-38577
- The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-38577
- https://drive.google.com/file/d/1iP9NYUkYEy_FGMpcnTkUWn8nGcqDT02_/view?usp=sharing (Exploit; Third Party Advisory)
- http://processmaker.com: ProcessMaker | Business Process Automation Software | Low-Code BPA (Product)
- http://packetstormsecurity.com/files/168427/ProcessMaker-Privilege-Escalation.html: ProcessMaker Privilege Escalation ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)