Lucene search

[email protected]NVD:CVE-2022-31883

HistoryJun 28, 2022 - 9:15 p.m.

CVE-2022-31883

2022-06-2821:15:07

CWE-639

[email protected]

web.nvd.nist.gov

marval msm v14.19.0.12476

insecure direct object reference

idor

low privilege user

api keys

admins

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.4%

JSON

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.

Affected configurations

Nvd

Node

marvalglobalmarval_msmMatch14.19.0.12476

VendorProductVersionCPE
marvalglobalmarval_msm14.19.0.12476cpe:2.3:a:marvalglobal:marval_msm:14.19.0.12476:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
marvalglobal	marval_msm	14.19.0.12476	cpe:2.3:a:marvalglobal:marval_msm:14.19.0.12476:::::::*

References

cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/idor-leads-to-unauthorized-access-to-api-keys

drive.google.com/drive/folders/17Q8ItseCzj5W7wlD6ZFqL0y1N5Emxz4_?usp=sharing

marvalglobal.com/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.4%

JSON

Related for NVD:CVE-2022-31883

prion1 cvelist1 cve1