CVE-2022-34906
HIGH
FileWave < 14.6.3 and 14.7.x < 14.7.2 - Unauthenticated Sensitive Information Exposure via Hard-coded Cryptographic Key
Title source: llm
Description
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests.
References (2)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://kb.filewave.com/pages/viewpage.action?pageId=55544244
Exploit, Third Party Advisory x_refsource_misc
https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
Scores
CVSS v3: 7.5
EPSS: 0.1053
EPSS Percentile: 95.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-798
Status: published
Products (1)
filewave/filewave: < 14.6.3
Published: Jul 25, 2022
Tracked Since: Feb 18, 2026