CVE-2022-37772

HIGH

Maarch RM 2.8-2.8.5 - Unauthenticated Excessive Authentication Attempts via Verbose Responses

Title source: llm

Description

Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.

References (2)

Core 2

Core References

Product

http://maarch.com

Exploit, Third Party Advisory

https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37772/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0117

EPSS Percentile 63.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-307

Status published

Products (2)

maarch/maarch_rm 2.9

maarch/maarch_rm 2.8 - 2.8.6

Published Nov 23, 2022

Tracked Since Feb 18, 2026