Cyber Resilience

CVE-2022-32430

High · Public PoC

Published: 21 July 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.7789 (99.0th percentile)
Risk Priority: 62 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-32430 is a high-severity vulnerability of unspecified weakness type in Talelin Lin-Cms-Spring-Boot. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 1.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

An access control issue affects Lin CMS Spring Boot version 0.2.1. The flaw permits unauthorized access to backend information and functions, reflected in a CVSS 3.1 base score of 7.5 with network attack vector, low complexity, and no required privileges or user interaction.

Attackers located anywhere on the network can exploit the weakness without authentication to retrieve sensitive backend data. The impact is limited to confidentiality, leaving integrity and availability unaffected.

The supplied references point to technical write-ups at mesec.cn but contain no explicit mitigation guidance or patch details. The associated EPSS score has remained flat at a peak of 0.7789 with no subsequent rise.

EU & UK References

Vulnerability details

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: talelin
Product: lin-cms-spring-boot
Version: 0.2.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References