What is the severity of CVE-2022-24706?

CVE-2022-24706 has a CVSS Base Score of 9.8/10 and is classified as Critical severity. It is important to assess the risk based on your specific environment.

How do I fix CVE-2022-24706?

Remediation typically involves updating the affected software products to the latest patched version. Refer to the 'Affected Products' and 'Remediation' sections on this page for specific mitigation steps and vendor advisories.

Home→Vulnerabilities→CVE-2022-24706

Critical Risk Active Exploitation

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

Share this vulnerability:

⚠️

Confirmed Active Exploitation

This vulnerability is listed in the CISA KEV Catalog. Federal agencies are mandated to patch immediately. Immediate remediation is required.

🚨

Public Exploit Available

A Proof-of-Concept (PoC) or exploit code for this vulnerability is publicly available. This significantly increases the risk of exploitation.

Exploitation Probability (EPSS)

Critical Priority

94.39%

The Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.

0% (Theoretical)100% (Certainty)