CVE-2022-26281
Published: 05 April 2022
Summary
CVE-2022-26281 is a high-severity vulnerability in Bigantsoft BigAnt Server, classified as Missing Encryption of Sensitive Data (CWE-311). Its CVSS base score is 7.5 (High).
Operationally, it ranks at the 37.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, although a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-30842
Vulnerability details
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. Note that this description refers to access control, whereas the weakness type cited in the NVD entry is CWE-311 (Missing Encryption of Sensitive Data); the mitigating controls listed further down reflect both aspects.
- CWE(s): CWE-311 Missing Encryption of Sensitive Data
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Bigantsoft BigAnt Server v5.6.06
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived automatically from the weakness types (CWEs) cited in the NVD entry and should be read as generic guidance for those weakness classes, not as a vendor-specific fix.
For missing encryption of sensitive data (CWE-311):
- Privacy and security training that stresses encryption requirements for sensitive data.
- Monitoring that detects sensitive data held or transmitted without encryption in storage or transit configurations.
- Privacy and security activities mandated across the SDLC, so that identifying sensitive data and deciding how to protect it (including encryption decisions) is a required step rather than an afterthought.
For incorrect permission assignment on critical resources:
- Documented and enforced configuration settings that ensure correct permission assignments for critical resources.
- Documented procedures and controls that support proper permission assignment.
- Attribute management for resources, providing a mechanism to assign and maintain correct permissions based on security labels.
- Least privilege: limiting access to critical resources to what each task needs, which prevents overly permissive assignments.