Strix
26.1K

CVE-2022-23904

HIGHCVSS 8/10EPSS 0.42%

Last modified

CVE-2022-23904 is a high-severity vulnerability rated 8/10 on the CVSS scale. Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.

Metrics

CVSS 3.1
8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Probability
0.42%

33.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
RainworxAuctionworx<= 3.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-23904?
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.
How severe is CVE-2022-23904?
CVE-2022-23904 has a CVSS score of 8/10 (HIGH severity). The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.
How do I fix CVE-2022-23904?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-23904?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST