Improper Validation of Integrity Check Value

CVE-2022-36174

High

8.1/10

Summary

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-354 - Improper Validation of Integrity Check Value

The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

References

Advisory Timeline

Published Sep 12, 2022

Improper Validation of Integrity Check Value

CVE-2022-36174

Summary

CWE-354 - Improper Validation of Integrity Check Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS