cvedb.io
CVE-2022-43978
MEDIUM · CVSS 5.6
EPSS exploitation probability: 0%
Published 2023-01-27T22:15:08.533 · Last modified 2026-06-17T05:07:35.223

Summary

There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check.

Affected products

pandorafms — pandora_fms

Does this affect you?

Add your gear to cvedb and we'll alert you only when pandorafms ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.