CVE-2022-32430
Published: 21 July 2022
Summary
CVE-2022-32430 is a high-severity vulnerability, with no specific weakness type assigned, in Talelin Lin-Cms-Spring-Boot. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 1.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
An access control issue affects Lin CMS Spring Boot version 0.2.1. The flaw permits unauthorized access to backend information and functions, reflected in a CVSS 3.1 base score of 7.5 with network attack vector, low complexity, and no required privileges or user interaction.
Attackers located anywhere on the network can exploit the weakness without authentication to retrieve sensitive backend data. The impact is limited to confidentiality, leaving integrity and availability unaffected.
The supplied references point to technical write-ups at mesec.cn but contain no explicit mitigation guidance or patch details. The associated EPSS score has remained flat at a peak of 0.7789 with no subsequent rise.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-6395
Vulnerability details
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.