CVE-2022-32561

low-risk

Published 2022-06-14

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.

Do I need to act?

0.28% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.9/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Couchbase Server

Affected Vendors

Couchbase

References (6)

Release Notes https://docs.couchbase.com/server/current/release-notes/relnotes.html

Vendor Advisory https://forums.couchbase.com/tags/security

Vendor Advisory https://www.couchbase.com/alerts

Release Notes https://docs.couchbase.com/server/current/release-notes/relnotes.html

Vendor Advisory https://forums.couchbase.com/tags/security

Vendor Advisory https://www.couchbase.com/alerts

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal