Severity
Medium
Analysis Summary
CVE-2022-26779
Apache CloudStack could allow a remote authenticated attacker to gain elevated privileges on the system. The invite-to-project logic generates project invitation tokens with an insecure random number generator, so the tokens are time-deterministic. An authenticated attacker who brute-forces these tokens could exploit the vulnerability to gain elevated privileges as other project users.
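The weakness class described above, shown as an added example that is not CloudStack's code: a token generator seeded from the clock beside a hardened one, with the checks a reviewer can run against either. The function names, the millisecond clock seed and the one-minute window are assumptions made for this sketch.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def weak_invite_token(issued_at_ms: int, length: int = 32) -> str:
    """Assumed flaw pattern: a general-purpose PRNG seeded with the clock."""
    rng = random.Random(issued_at_ms)  # the seed is just the issue time
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_invite_token(nbytes: int = 32) -> str:
    """Hardened form: bytes from the OS CSPRNG, so there is no seed to guess."""
    return secrets.token_urlsafe(nbytes)


def nominal_entropy_bits(length: int) -> float:
    """Entropy the token appears to carry, judged by length and alphabet."""
    return length * math.log2(len(ALPHABET))


def effective_entropy_bits(window_ms: int) -> float:
    """Entropy a clock-seeded token really carries: one token per seed
    value inside the window in which it could have been issued."""
    return math.log2(max(window_ms, 1))


def is_time_deterministic(generator, issued_at_ms: int) -> bool:
    """Regression check: the same timestamp must never yield the same token."""
    return generator(issued_at_ms) == generator(issued_at_ms)


if __name__ == "__main__":
    t = 1_647_302_400_000  # constructed sample timestamp in milliseconds
    print("weak token deterministic:", is_time_deterministic(weak_invite_token, t))
    print("strong token deterministic:",
          is_time_deterministic(lambda _ms: strong_invite_token(), t))
    print("nominal bits (32 chars): %.1f" % nominal_entropy_bits(32))
    print("effective bits (60 s window): %.1f" % effective_entropy_bits(60_000))
```

A 32-character token looks like roughly 190 bits, but when its only input is a timestamp known to within a minute it carries about 16, which is why token length alone is not evidence of strength.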
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-26779
Affected Vendors
- Apache
Affected Products
- Apache CloudStack 4.16.0.0
Remediation
Upgrade to the latest version of Apache CloudStack, available from the Apache Web site.