CVE-2022-38125 LOW

CVE-2022-38125: FTP Agent forwards traffic on inactive ports to LinkManager

Vendor Secomea
Product SiteManager
Weakness CWE-923
Published April 19, 2023
Last update February 5, 2025

CVSS base score

2.9/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.

Key dates

02Disclosure timeline

April 19, 2023 CVE published
February 5, 2025 Record updated