Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-26310

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.

Published

2022-08-01T13:15:10.390

Last Modified

2024-11-21T06:53:44.027

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pandorafms	pandora_fms	≤ 7.0_ng_760	Yes

References

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ Vendor Advisory ([email protected])
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves Third Party Advisory ([email protected])
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)