CVE-2022-34906
First published: Mon Jul 25 2022(Updated: )
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FileWave | <14.6.3 | |
| FileWave | >=14.7.0<14.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-34906?
CVE-2022-34906 is considered a high-severity vulnerability due to the exposure of sensitive information.
How do I fix CVE-2022-34906?
To fix CVE-2022-34906, upgrade to FileWave version 14.6.3 or 14.7.2 and later.
What types of systems are affected by CVE-2022-34906?
CVE-2022-34906 affects FileWave versions prior to 14.6.3 and 14.7.x before 14.7.2.
Who can exploit CVE-2022-34906?
An unauthenticated actor can exploit CVE-2022-34906 to decrypt sensitive information.
What impact does CVE-2022-34906 have on security?
CVE-2022-34906 can lead to unauthorized access to sensitive data, compromising the security of affected systems.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/filewave
- canonical/filewave
- version/filewave/14.7.0