Technical Severity
CRITICAL
CVSS v3.1 Metrics
9.8
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood
EPSS Prediction
94.22
%
Predictive Probability
Percentile Rank
99.9
th
Documented as more likely to be exploited than 99.9% of known CVEs.
Detection Date
Aug 25, 2022
Remediation Due
Sep 15, 2022
CISA Catalog Active
Threat Analysis
Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
Remediation Directive
Apply updates per vendor instructions.