CVE-2022-44551 The iaware module has a vulnerability in thread security

The issue arises because thread_id in the password settings is not verified before it is used. This can result in an attacker gaining root privileges. The iaware module has an XSS (cross-site scripting) vulnerability. An attacker can inject malicious code into a website and force users to click on it. Since XSS is a type of CSRF (cross-site request forgery), an attacker can also hijack a user session.

There is an RCE (remote code execution) vulnerability in a function called get_user_details(). This function is used to retrieve a user’s details and data. An attacker can exploit this vulnerability to download additional code for the operating system, install software, or change settings.

------------- Summary of vulnerabilities --------------


There are four vulnerabilities in total. Three of the vulnerabilities are XSS and one is RCE. The XSS vulnerabilities can be exploited by an attacker to inject malicious code into a website or hijack a user’s session. An attacker could also cause a user’s device to download additional code for the operating system, install software, or change settings.

Iaware CVEs

There is an RCE vulnerability in a function called get_user_details(). This function is used to retrieve a user’s details and data. An attacker can exploit this vulnerability to download additional code for the operating system, install software, or change settings.
