CVE-2022-37145
HIGHCVSS v3.1: 7.5 · EPSS: 0.0086 (54.2 percentile)
Source data as of:
At a glance
- Severity
- HIGH
- CVSS
- 7.5 v3.1 · NVD
- EPSS
- 0.0086 (54.2 percentile) · FIRST.org
- CISA KEV
- No
- Attack conditions (CVSS vector)
- NetworkNo privilegesNo user interaction · Source: NVD Vector
- Affected vendors
- plextrac
- Published
- 2022-09-08 · Modified: 2026-07-05
- References
- Jump to references (2)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Reference https://www.controlgap.com/blog/a-plextrac-story
- Reference http://plextrac.com