{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T22:03:32.098","vulnerabilities":[{"cve":{"id":"CVE-2022-38337","sourceIdentifier":"cve@mitre.org","published":"2022-12-06T00:15:10.107","lastModified":"2025-04-24T15:15:48.140","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used."},{"lang":"es","value":"Al cancelar una conexión SFTP, MobaXterm anterior a v22.1 envía una contraseña codificada al servidor. El servidor trata esto como un intento de inicio de sesión no válido que puede resultar en una Denegación de Servicio (DoS) para el usuario si se utilizan servicios como fail2ban."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mobatek:mobaxterm:*:*:*:*:*:*:*:*","versionEndIncluding":"22.2","matchCriteriaId":"AB90CF92-AABC-451A-AEE9-6BFC465A0022"}]}]}],"references":[{"url":"https://docs.ssh-mitm.at/vulnerabilities/CVE-2022-38337.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://mobaxterm.mobatek.net/download-home-edition.html","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://docs.ssh-mitm.at/vulnerabilities/CVE-2022-38337.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://mobaxterm.mobatek.net/download-home-edition.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}}]}