CVE-2022-26904
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
15/04/2022
Last modified:
24/02/2025
Description
Windows User Profile Service Elevation of Privilege Vulnerability
Impact
Base Score 3.x
7.00
Severity 3.x
HIGH
Base Score 2.0
4.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* | 10.0.10240.19265 (excluding) | |
| cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* | 10.0.14393.5066 (excluding) | |
| cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* | 10.0.17763.2803 (excluding) | |
| cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:* | 10.0.18363.2212 (excluding) | |
| cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:* | 10.0.19042.1645 (excluding) | |
| cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:* | 10.0.19043.1645 (excluding) | |
| cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* | 10.0.19044.1645 (excluding) | |
| cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* | 10.0.22000.613 (excluding) | |
| cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page