Cyber Resilience

CVE-2022-28795

Medium

Published: 12 April 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
EPSS Score: 0.0033 (56.6th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-28795 is a medium-severity vulnerability of an unspecified weakness type in Avira Password Manager. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 43.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

avira
password manager
2.18.4, 2.18.4.3847, 2.18.4.38471, 2.18.4.3868

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References