Lucene search

MitreCVE-2022-31883

HistoryJun 28, 2022 - 9:15 p.m.

CVE-2022-31883

2022-06-2821:15:07

CWE-639

mitre

web.nvd.nist.gov

554

cve-2022-31883

marval msm

v14.19.0.12476

idor vulnerability

api keys

insecure direct object reference

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.

Affected configurations

Nvd

Node

marvalglobalmarval_msmMatch14.19.0.12476

VendorProductVersionCPE
marvalglobalmarval_msm14.19.0.12476cpe:2.3:a:marvalglobal:marval_msm:14.19.0.12476:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
marvalglobal	marval_msm	14.19.0.12476	cpe:2.3:a:marvalglobal:marval_msm:14.19.0.12476:::::::*

References

cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/idor-leads-to-unauthorized-access-to-api-keys

drive.google.com/drive/folders/17Q8ItseCzj5W7wlD6ZFqL0y1N5Emxz4_?usp=sharing

marvalglobal.com/

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON

Related for CVE-2022-31883