Strix
26.1K

CVE-2022-24985

HIGHCVSS 8.8/10EPSS 2.28%

Last modified

CVE-2022-24985 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is relevant only when an organization hosts more than one of these forms on their server.. EPSS estimates a 2.28% chance of exploitation in the next 30 days.

Description

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is relevant only when an organization hosts more than one of these forms on their server.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
2.28%

81.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
JqueryformJqueryform< 2022-02-05

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-24985?
Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is relevant only when an organization hosts more than one of these forms on their server.
How severe is CVE-2022-24985?
CVE-2022-24985 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 2.28% probability of exploitation in the next 30 days.
How do I fix CVE-2022-24985?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-24985?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST