CVE-2022-21919

CVE Published 2022-01-11
Related CWE(s) CWE-59: Improper Link Resolution Before File Access ('Link Following')
Related Vendor(s) microsoft
Related Product(s) windows_10_21h2, windows_11_21h2, windows_server_2022, windows_10_1909, windows_10_1507, windows_8.1, windows_10_1809, windows_10_21h1, windows_server_2008, windows_server_2016, windows_10_20h2, windows_11, windows_10, windows_server_2012, windows_10_1607, windows_server_20h2, windows_server_2019, windows_7, windows_rt_8.1, windows_server
Exploitation Reported (CISA KEV) 2022-04-25
CVSS 3 Base Score 7.0 (HIGH)
CVSS 3 Attack Complexity HIGH
CVSS 3 Attack Vector LOCAL

Windows User Profile Service Elevation of Privilege Vulnerability

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

References