Vulnerability Details CVE-2022-46382
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.7%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2022-46382
-
cpe:2.3:a:rackn:digital_rebar:4.10
-
cpe:2.3:a:rackn:digital_rebar:4.10.8
-
cpe:2.3:a:rackn:digital_rebar:4.6.14
-
cpe:2.3:a:rackn:digital_rebar:4.7
-
cpe:2.3:a:rackn:digital_rebar:4.7.22
-
cpe:2.3:a:rackn:digital_rebar:4.8
-
cpe:2.3:a:rackn:digital_rebar:4.8.5
-
cpe:2.3:a:rackn:digital_rebar:4.9
-
cpe:2.3:a:rackn:digital_rebar:4.9.12