{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T20:16:08.541","vulnerabilities":[{"cve":{"id":"CVE-2022-24883","sourceIdentifier":"security-advisories@github.com","published":"2022-04-26T16:15:47.883","lastModified":"2025-11-03T21:15:51.353","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left."},{"lang":"es","value":"FreeRDP es una implementación libre del protocolo de escritorio remoto (RDP). En versiones anteriores a 2.7.0, la autenticación del lado del servidor contra un archivo \"SAM\" podría tener éxito para credenciales inválidas si el servidor ha configurado una ruta de archivo \"SAM\" inválida. Los clientes basados en FreeRDP no están afectados. Las implementaciones de servidores RDP que usan FreeRDP para autenticar contra un archivo \"SAM\" están afectadas. La versión 2.7.0 contiene una corrección para este problema. Como mitigación, use la autenticación personalizada por medio de \"HashCallback\" y/o asegúrese de que la ruta de la base de datos \"SAM\" configurada es válida y que la aplicación dispone de los manejadores del archivo"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.0","matchCriteriaId":"68BB9FD2-F03F-4B57-A9CD-FEDC52626DC5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD/","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWR6KSIKXO4B2TXBB3WH6YTNYHN46OY/","source":"security-advisories@github.com"},{"url":"https://security.gentoo.org/glsa/202210-24","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/FreeRDP/FreeRDP/releases/tag/2.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AELSWWBAM2YONRPGLWVDY6UNTLJERJYL/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOYKBQOHSRM7JQYUIYUWFOXI2JZ2J5RD/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWR6KSIKXO4B2TXBB3WH6YTNYHN46OY/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202210-24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}