CVE-2022-21142
moderate-risk
Published 2022-02-24
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under a specific condition.
Do I need to act?
0.65% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Vendor Advisory
https://developer.a-blogcms.jp/blog/news/security-202202.html
Third Party Advisory
https://jvn.jp/en/jp/JVN14706307/index.html
39 / 100
moderate-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
5/34 · Minimal