Main Vulnerability Database SB2022091207

SB2022091207 - Information disclosure in PlexTrac

Published: September 12, 2022

Security Bulletin ID SB2022091207

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2022-37146)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to username enumeration via HTTP response times on invalid login attempts. A remote attacker can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

http://plextrac.com
https://www.controlgap.com/blog/a-plextrac-story