CVE-2022-3229 - AskarLabs CVE Database

CVE-2022-3229

Vendor Unified Intents Ab

Product Unified Remote

Weakness CWE-285

Published February 6, 2023

Last update March 25, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.

Key dates

02Disclosure timeline

February 6, 2023 CVE published

March 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3229 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2022-31667 Harbor fails to validate the user permissions when updating a robot account CVE-2025-13807 orionsec orion-ops API MachineKeyController.java MachineKeyController improper authorization CVE-2019-25149 Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path CVE-2026-47713 AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration