OpenCVE

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hypr	Workforce Access

Configuration 1 [-]

cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.hypr.com/security-advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: HYPR

Published: 2022-11-03T18:04:32.101Z

Updated: 2024-08-03T01:07:05.900Z

Reserved: 2022-09-21T15:24:09.549Z

Link: CVE-2022-3258

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-03T19:15:09.650

Modified: 2024-11-21T07:19:09.633

Link: CVE-2022-3258

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3258", "assignerOrgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512", "state": "PUBLISHED", "assignerShortName": "HYPR", "requesterUserId": "1bf74112-03b7-43bb-8250-f4545b776ac8", "dateReserved": "2022-09-21T15:24:09.549Z", "datePublished": "2022-11-03T18:04:32.101Z", "dateUpdated": "2024-08-03T01:07:05.900Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows"], "product": "Workforce Access", "vendor": "HYPR", "versions": [{"lessThan": "7.7.1", "status": "affected", "version": "0", "versionType": "patch 1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse."}], "value": "Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512", "shortName": "HYPR", "dateUpdated": "2022-11-03T18:04:37.810Z"}, "references": [{"url": "https://www.hypr.com/security-advisories"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:05.900Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.hypr.com/security-advisories", "tags": ["x_transferred"]}]}]}}