Technical Severity
HIGH
CVSS v3.1 Metrics
8.8
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood
EPSS Prediction
4.50
%
Predictive Probability
Percentile Rank
88.9
th
Documented as more likely to be exploited than 88.9% of known CVEs.
Detection Date
Jan 18, 2022
Remediation Due
Jul 18, 2022
CISA Catalog Active
Threat Analysis
Improper sanitization in the extension file names is present in Drupal core.
Remediation Directive
Apply updates per vendor instructions.