{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T05:42:33.754","vulnerabilities":[{"cve":{"id":"CVE-2022-23172","sourceIdentifier":"cna@cyber.gov.il","published":"2022-07-06T14:15:18.267","lastModified":"2024-11-21T06:48:07.793","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker can access to \"Forgot my password\" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not."},{"lang":"es","value":"Un atacante puede acceder al botón \"Forgot my password\", tan pronto como ponga que el usuario es válido en el sistema, el sistema emitiría un mensaje de que un correo de restablecimiento de contraseña ha sido enviado al usuario. De esta manera puede verificarse qué usuarios están en el sistema y cuáles no"}],"metrics":{"cvssMetricV31":[{"source":"cna@cyber.gov.il","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:priority-software:priority:*:*:*:*:*:*:*:*","versionEndExcluding":"22.0","matchCriteriaId":"D20A9F84-8F5F-4164-85B4-7FE9F1C4C4D7"}]}]}],"references":[{"url":"https://www.gov.il/en/departments/faq/cve_advisories","source":"cna@cyber.gov.il","tags":["Third Party Advisory"]},{"url":"https://www.gov.il/en/departments/faq/cve_advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}