There is a broken access control vulnerability in Maarch RM 2.8.3. When a user opens certain document types (PDF, email) from an archive, the application offers a preview. Generating that preview creates a URL that embeds an MD5 hash of the accessed file, and the resulting document URL (https://{url}/tmp/{MD5 hash of the document}) can then be fetched without authentication. The NVD configuration data in the record below lists versions 2.8 up to but excluding 2.8.6, and 2.9, as affected, classified under CWE-287.
{
  "id": "CVE-2022-37774",
  "vendorId": null,
  "type": "cve",
  "bulletinFamily": "NVD",
  "title": "CVE-2022-37774",
  "description": "There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication.",
  "published": "2022-11-23T00:15:00",
  "modified": "2022-11-26T03:33:00",
  "cvss": {"score": 0.0, "vector": "NONE"},
  "cvss2": {},
  "cvss3": {
    "cvssV3": {
      "version": "3.1",
      "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "attackVector": "NETWORK",
      "attackComplexity": "LOW",
      "privilegesRequired": "NONE",
      "userInteraction": "NONE",
      "scope": "UNCHANGED",
      "confidentialityImpact": "LOW",
      "integrityImpact": "NONE",
      "availabilityImpact": "NONE",
      "baseScore": 5.3,
      "baseSeverity": "MEDIUM"
    },
    "exploitabilityScore": 3.9,
    "impactScore": 1.4
  },
  "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37774",
  "reporter": "cve@mitre.org",
  "references": [
    "http://maarch.com",
    "https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37774/README.md"
  ],
  "cvelist": ["CVE-2022-37774"],
  "immutableFields": [],
  "lastseen": "2022-11-26T06:10:34",
  "viewCount": 15,
  "enchantments": {
    "score": {"value": 1.4, "vector": "NONE"},
    "twitter": {
      "counter": 8,
      "tweets": [
        {"link": "https://twitter.com/WolfgangSesin/status/1595224470637125635", "text": "New post from https://t.co/uXvPWJy6tj (CVE-2022-37774) has been published on https://t.co/2msFkitaLj", "author": "WolfgangSesin", "author_photo": "https://pbs.twimg.com/profile_images/957011635369054208/Om3jbj7z_400x400.jpg"},
        {"link": "https://twitter.com/threatintelctr/status/1595227337473216512", "text": " NEW: CVE-2022-37774 There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. ... (click for more) https://t.co/Hzee0cx4fd", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"},
        {"link": "https://twitter.com/www_sesin_at/status/1595224472906244097", "text": "New post from https://t.co/9KYxtdZjkl (CVE-2022-37774) has been published on https://t.co/KIJnKYBFcd", "author": "www_sesin_at", "author_photo": "https://pbs.twimg.com/profile_images/958100963822329858/fb_N8h5n_400x400.jpg"},
        {"link": "https://twitter.com/CVEnew/status/1595216868352090112", "text": "CVE-2022-37774 There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an ... https://t.co/Qe6TaMMdc5", "author": "CVEnew", "author_photo": "https://pbs.twimg.com/profile_images/1447927972393111557/PQRMlVvZ_400x400.jpg"}
      ]
    },
    "affected_software": {
      "major_version": [
        {"name": "maarch maarch rm", "version": 2},
        {"name": "maarch maarch rm", "version": 2}
      ]
    },
    "vulnersScore": 1.4
  },
  "_state": {"dependencies": 1669443932, "score": 1669443990, "twitter": 0, "affected_software_major_version": 1671611801},
  "_internal": {"score_hash": "bc3ef924ec52fbd4546b25609f2dc865"},
  "cna_cvss": {"cna": null, "cvss": {}},
  "cpe": ["cpe:/a:maarch:maarch_rm:2.9"],
  "cpe23": ["cpe:2.3:a:maarch:maarch_rm:2.9:*:*:*:*:*:*:*"],
  "cwe": ["CWE-287"],
  "affectedSoftware": [
    {"cpeName": "maarch:maarch_rm", "version": "2.8.6", "operator": "lt", "name": "maarch maarch rm"},
    {"cpeName": "maarch:maarch_rm", "version": "2.9", "operator": "eq", "name": "maarch maarch rm"}
  ],
  "affectedConfiguration": [],
  "cpeConfiguration": {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "children": [],
        "cpe_match": [
          {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:maarch:maarch_rm:2.8.6:*:*:*:*:*:*:*", "versionStartIncluding": "2.8", "versionEndExcluding": "2.8.6", "cpe_name": []},
          {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:maarch:maarch_rm:2.9:*:*:*:*:*:*:*", "cpe_name": []}
        ]
      }
    ]
  },
  "extraReferences": [
    {"url": "http://maarch.com", "name": "http://maarch.com", "refsource": "MISC", "tags": ["Vendor Advisory"]},
    {"url": "https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37774/README.md", "name": "https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37774/README.md", "refsource": "MISC", "tags": ["Release Notes", "Third Party Advisory"]}
  ]
}
{
  "cnvd": [
    {
      "lastseen": "2022-12-09T11:25:00",
      "description": "Maarch RM is an electronic archiving system from Maarch Inc. Streamline your authentication process, science and technical control in an efficient and optimized manner.An information disclosure vulnerability exists in Maarch RM 2.8 and later, versions prior to 2.8.6, and 2.9. The vulnerability stems from the fact that when accessing certain specific documents (pdf, email) from an archive, the application suggests a preview that generates a URL containing an md5 hash of the accessed file with no access rights verification. An attacker could exploit the vulnerability to obtain sensitive information.",
      "cvss3": {
        "exploitabilityScore": 3.9,
        "cvssV3": {
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "attackComplexity": "LOW",
          "scope": "UNCHANGED",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "baseScore": 5.3,
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1",
          "userInteraction": "NONE"
        },
        "impactScore": 1.4
      },
      "published": "2022-11-25T00:00:00",
      "type": "cnvd",
      "title": "Maarch RM Information Disclosure Vulnerability",
      "bulletinFamily": "cnvd",
      "cvss2": {},
      "cvelist": ["CVE-2022-37774"],
      "modified": "2022-12-09T00:00:00",
      "id": "CNVD-2022-86392",
      "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-86392",
      "cvss": {"score": 0.0, "vector": "NONE"}
    }
  ]
}