Lucene search

[email protected]NVD:CVE-2022-30760

HistoryJun 09, 2022 - 4:15 p.m.

CVE-2022-30760

2022-06-0916:15:08

CWE-639

[email protected]

web.nvd.nist.gov

cve-2022-30760

idor

fn2web

remote authenticated attackers

sensitive student information

http post request

frontcontrollerss endpoint

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

39.5%

JSON

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.

Affected configurations

Nvd

Node

ihb-egfn2webRange<2.04.09.016

VendorProductVersionCPE
ihb-egfn2web*cpe:2.3:a:ihb-eg:fn2web:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ihb-eg	fn2web	*	cpe:2.3:a:ihb-eg:fn2web::::::::

References

homepage.ruhr-uni-bochum.de/Christian.Krug-q97/CVE-2022-30760.html

wiki.ihb-eg.de/doku.php/releasenotes/fn2web2.04.09

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

39.5%

JSON

Related for NVD:CVE-2022-30760

prion1 cvelist1 cve1