CVE-2022-34907
CRITICALFileWave < 14.6.3 and 14.7.x < 14.7.2 - Unauthenticated Authentication Bypass via Hard-coded Credentials
Title source: llmDescription
An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform.
References (2)
Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://kb.filewave.com/pages/viewpage.action?pageId=55544244
Exploit, Third Party Advisory x_refsource_misc
https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
Scores
CVSS v3
9.8
EPSS
0.1582
EPSS Percentile
96.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
filewave/filewave
< 14.6.3
Published
Jul 25, 2022
Tracked Since
Feb 18, 2026