Lucene search

MitreCVE-2022-30760

HistoryJun 09, 2022 - 4:15 p.m.

CVE-2022-30760

2022-06-0916:15:08

CWE-639

mitre

web.nvd.nist.gov

cve-2022-30760

insecure direct object reference

idor

ihb eg flexnow

sensitive information disclosure

remote authentication

http post

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.

Affected configurations

Nvd

Node

ihb-egfn2webRange<2.04.09.016

VendorProductVersionCPE
ihb-egfn2web*cpe:2.3:a:ihb-eg:fn2web:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ihb-eg	fn2web	*	cpe:2.3:a:ihb-eg:fn2web::::::::

References

homepage.ruhr-uni-bochum.de/Christian.Krug-q97/CVE-2022-30760.html

wiki.ihb-eg.de/doku.php/releasenotes/fn2web2.04.09

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

Related for CVE-2022-30760