Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Charactell
CVE-2022-22789 (GCVE-0-2022-22789)
Vulnerability from nvd – Published: 2022-01-25 19:11 – Updated: 2024-08-03 03:21
VLAI
Title
Charactell - FormStorm Enterprise Account Take Over
Summary
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.
Severity
6.1 (Medium)
CWE
- Account Take Over
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Charactell | FormStorm Enterprise |
Affected:
FormStorm Enterprise version 9.00.065 9.00.065
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FormStorm Enterprise",
"vendor": "Charactell",
"versions": [
{
"status": "affected",
"version": "FormStorm Enterprise version 9.00.065 9.00.065"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Starchenko"
}
],
"descriptions": [
{
"lang": "en",
"value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Account Take Over",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T19:11:08.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"
}
],
"source": {
"advisory": "ILVN-2022-0010",
"defect": [
"ILVN-2022-0010"
],
"discovery": "EXTERNAL"
},
"title": "Charactell - FormStorm Enterprise Account Take Over",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"ID": "CVE-2022-22789",
"STATE": "PUBLIC",
"TITLE": "Charactell - FormStorm Enterprise Account Take Over"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FormStorm Enterprise",
"version": {
"version_data": [
{
"version_name": "FormStorm Enterprise version 9.00.065",
"version_value": "9.00.065"
}
]
}
}
]
},
"vendor_name": "Charactell"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Starchenko"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Account Take Over"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"
}
],
"source": {
"advisory": "ILVN-2022-0010",
"defect": [
"ILVN-2022-0010"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-22789",
"datePublished": "2022-01-25T19:11:08.000Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:21:49.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22789 (GCVE-0-2022-22789)
Vulnerability from cvelistv5 – Published: 2022-01-25 19:11 – Updated: 2024-08-03 03:21
VLAI
Title
Charactell - FormStorm Enterprise Account Take Over
Summary
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.
Severity
6.1 (Medium)
CWE
- Account Take Over
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Charactell | FormStorm Enterprise |
Affected:
FormStorm Enterprise version 9.00.065 9.00.065
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FormStorm Enterprise",
"vendor": "Charactell",
"versions": [
{
"status": "affected",
"version": "FormStorm Enterprise version 9.00.065 9.00.065"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Starchenko"
}
],
"descriptions": [
{
"lang": "en",
"value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Account Take Over",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T19:11:08.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"
}
],
"source": {
"advisory": "ILVN-2022-0010",
"defect": [
"ILVN-2022-0010"
],
"discovery": "EXTERNAL"
},
"title": "Charactell - FormStorm Enterprise Account Take Over",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"ID": "CVE-2022-22789",
"STATE": "PUBLIC",
"TITLE": "Charactell - FormStorm Enterprise Account Take Over"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FormStorm Enterprise",
"version": {
"version_data": [
{
"version_name": "FormStorm Enterprise version 9.00.065",
"version_value": "9.00.065"
}
]
}
}
]
},
"vendor_name": "Charactell"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Starchenko"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Account Take Over"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "A patch was released, Charactell - FormStorm Enterprise version 9.00.066"
}
],
"source": {
"advisory": "ILVN-2022-0010",
"defect": [
"ILVN-2022-0010"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-22789",
"datePublished": "2022-01-25T19:11:08.000Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:21:49.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}