CVE-2022-37145
HIGHPlexTrac < 1.17.0 - Unauthenticated Excessive Authentication Attempts
Title source: llmDescription
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.
References (2)
Core 2
Core References
Product x_refsource_misc
http://plextrac.com
Technical Description, Third Party Advisory x_refsource_misc
https://www.controlgap.com/blog/a-plextrac-story
Scores
CVSS v3
7.5
EPSS
0.0084
EPSS Percentile
52.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-307
Status
published
Products (1)
plextrac/plextrac
< 1.17.0
Published
Sep 08, 2022
Tracked Since
Feb 18, 2026