CVE-2022-36617 - OpenCVE

Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Haystacksoftware	Arq Backup

Configuration 1 [-]

cpe:2.3:a:haystacksoftware:arq_backup:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://startrekdude.github.io/arqbackup.html
https://www.arqbackup.com/download/arqbackup/arq7windows_release_notes.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-09T15:33:18

Updated: 2024-08-03T10:07:34.503Z

Reserved: 2022-07-25T00:00:00

Link: CVE-2022-36617

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-09T16:15:08.993

Modified: 2022-09-14T20:29:53.803

Link: CVE-2022-36617

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-09T15:33:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://startrekdude.github.io/arqbackup.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.arqbackup.com/download/arqbackup/arq7windows_release_notes.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36617", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://startrekdude.github.io/arqbackup.html", "refsource": "MISC", "url": "https://startrekdude.github.io/arqbackup.html"}, {"name": "https://www.arqbackup.com/download/arqbackup/arq7windows_release_notes.html", "refsource": "MISC", "url": "https://www.arqbackup.com/download/arqbackup/arq7windows_release_notes.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:07:34.503Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://startrekdude.github.io/arqbackup.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.arqbackup.com/download/arqbackup/arq7windows_release_notes.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36617", "datePublished": "2022-09-09T15:33:18", "dateReserved": "2022-07-25T00:00:00", "dateUpdated": "2024-08-03T10:07:34.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}