CVE-2022-22789 - OpenCVE

Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Charactell	Formstorm

Configuration 1 [-]

cpe:2.3:a:charactell:formstorm:9.00.065:*:*:*:enterprise:*:*:*

No data.

References

Link	Providers
https://www.gov.il/en/departments/faq/cve_advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2022-01-25T19:11:08

Updated: 2024-08-03T03:21:49.165Z

Reserved: 2022-01-07T00:00:00

Link: CVE-2022-22789

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-25T20:15:08.953

Modified: 2022-02-01T16:18:31.077

Link: CVE-2022-22789

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FormStorm Enterprise", "vendor": "Charactell ", "versions": [{"status": "affected", "version": "FormStorm Enterprise version 9.00.065 9.00.065"}]}], "credits": [{"lang": "en", "value": "Michael Starchenko"}], "descriptions": [{"lang": "en", "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Account Take Over", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-25T19:11:08", "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"}], "source": {"advisory": "ILVN-2022-0010", "defect": ["ILVN-2022-0010"], "discovery": "EXTERNAL"}, "title": "Charactell - FormStorm Enterprise Account Take Over", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@cyber.gov.il", "ID": "CVE-2022-22789", "STATE": "PUBLIC", "TITLE": "Charactell - FormStorm Enterprise Account Take Over"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FormStorm Enterprise", "version": {"version_data": [{"version_name": "FormStorm Enterprise version 9.00.065", "version_value": "9.00.065"}]}}]}, "vendor_name": "Charactell "}]}}, "credit": [{"lang": "eng", "value": "Michael Starchenko"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Account Take Over"}]}]}, "references": {"reference_data": [{"name": "https://www.gov.il/en/departments/faq/cve_advisories", "refsource": "MISC", "url": "https://www.gov.il/en/departments/faq/cve_advisories"}]}, "solution": [{"lang": "en", "value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"}], "source": {"advisory": "ILVN-2022-0010", "defect": ["ILVN-2022-0010"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:21:49.165Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}]}]}, "cveMetadata": {"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "cveId": "CVE-2022-22789", "datePublished": "2022-01-25T19:11:08", "dateReserved": "2022-01-07T00:00:00", "dateUpdated": "2024-08-03T03:21:49.165Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:charactell:formstorm:9.00.065:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2969F303-4E6C-4481-9E8A-7A6386FDA210", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."}, {"lang": "es", "value": "Charactell - FormStorm Enterprise Account takeover - Un atacante puede modificar (a\u00f1adir, eliminar y actualizar) el archivo de contrase\u00f1as de todos los usuarios. El archivo xx_users.ini de la carpeta FormStorm contiene nombres de usuario en texto sin cifrar y una contrase\u00f1a ofuscada. Un usuario malicioso puede hacerse con una cuenta al sustituir la contrase\u00f1a existente en el archivo"}], "id": "CVE-2022-22789", "lastModified": "2022-02-01T16:18:31.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.7, "source": "cna@cyber.gov.il", "type": "Secondary"}]}, "published": "2022-01-25T20:15:08.953", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}