Lucene search

[email protected]NVD:CVE-2022-45636

HistoryMar 21, 2023 - 6:15 p.m.

CVE-2022-45636

2023-03-2118:15:12

CWE-862

[email protected]

web.nvd.nist.gov

megafeis

bofei dbd+ application

ios

android

unauthorized access

api requests

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

34.2%

JSON

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.

Affected configurations

Nvd

Node

megafeisbofei_dbd\+Match1.4.3iphone_os

megafeisbofei_dbd\+Match1.4.4android

VendorProductVersionCPE
megafeisbofei_dbd\+1.4.3cpe:2.3:a:megafeis:bofei_dbd\+:1.4.3:*:*:*:*:iphone_os:*:*
megafeisbofei_dbd\+1.4.4cpe:2.3:a:megafeis:bofei_dbd\+:1.4.4:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
megafeis	bofei_dbd\+	1.4.3	cpe:2.3:a:megafeis:bofei_dbd\+:1.4.3:::::iphone_os::
megafeis	bofei_dbd\+	1.4.4	cpe:2.3:a:megafeis:bofei_dbd\+:1.4.4:::::android::

References

github.com/WithSecureLabs/megafeis-palm/tree/main/CVE-2022-45636

labs.withsecure.com/advisories/insecure-authorization-scheme-for-api-requests-in-dbd--mobile-co

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

34.2%

JSON

Related for NVD:CVE-2022-45636

cvelist1 prion1 cve1