Lucene search
K

23 matches found

Positive Technologies
Positive Technologies
added 2024/06/10 12:0 a.m.7 views

PT-2024-11688 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows a Bypass of Two-Factor Authentication under the "/login/backup code" endpoint and the "/api/v1/vdeskintegration/createbackupcodes" endpoint. This occurs because th...

6.5CVSS6.9AI score0.00496EPSS
Exploits1References5
CVE
CVE
added 2024/06/10 12:0 a.m.80 views

CVE-2022-45168

LIVEBOX Collaboration vDesk (v018 and prior) is affected by CVE-2022-45168. The issue allows bypassing two-factor authentication by generating or regenerating backup codes at the endpoints /login/backup_code and /api/v1/vdeskintegration/createbackupcodes before the TOTP check is performed. Root c...

6.5CVSS6.9AI score0.00496EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/06/10 12:0 a.m.87 views

CVE-2022-45176

CVE-2022-45176 affects LIVEBOX Collaboration vDesk through v018. The issue is a stored Cross-site Scripting (XSS) vulnerability at the endpoint /api/v1/getbodyfile, triggered by the input parameter uri . The web application does not properly validate parameters before saving them on the server, a...

6.1CVSS6.1AI score0.00314EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/06/10 12:0 a.m.6 views

LIVEBOX Collaboration vDesk Security Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v018 and prior versions, which stems from a stored cross-site scripting XSS attack that may occur if parameters sent as input in an HTTP request are not properly checked...

6.1CVSS5.9AI score0.00314EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/06/10 12:0 a.m.16 views

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...

5.3AI score0.00314EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.2 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version 018 and prior versions, which stems from the presence of an unrestricted upload of a dangerous type of file, which allows an authenticated remote user to upload...

8.8CVSS6.8AI score0.00752EPSS
Exploits1References2
NVD
NVD
added 2024/02/21 4:15 p.m.23 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.9CVSS5.4AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 12:0 a.m.34 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

6.3AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.5 views

LIVEBOX Collaboration vDesk Security Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v031 and prior versions, which stems from a redirection via the /api/v1/notification/createnotification endpoint that allows an authenticated user to send arbitrary push...

5.9CVSS6.8AI score0.00265EPSS
Exploits0References2
CVE
CVE
added 2024/02/21 12:0 a.m.696 views

CVE-2022-45169

CVE-2022-45169 affects LIVEBOX Collaboration vDesk (through v031). It describes an Open Redirect: an authenticated user can trigger a URL redirection via /api/v1/notification/createnotification to send a push notification to another user that can include an invisible clickable link. Reported metr...

5.9CVSS5.4AI score0.00265EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/21 12:0 a.m.24 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.7AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 12:0 a.m.16 views

CVE-2022-45177

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

6.6AI score0.00539EPSS
Exploits0References1
NVD
NVD
added 2023/04/14 2:15 p.m.11 views

CVE-2022-45180

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

6.5CVSS6.3AI score0.00713EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.3 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

8.8CVSS5.8AI score0.00964EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.5 views

PT-2023-14629 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows a Bypass of Two-Factor Authentication for SAML Users. This can occur under the "/login/backup code" endpoint and the "/api/v1/vdeskintegration/challenge" endpoint...

9.8CVSS9.2AI score0.01033EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.6 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from an insecure direct object reference may occur in 5.6.5-3/doc/ID-FILE/c/N/C/websocket...

6.5CVSS6.4AI score0.00717EPSS
Exploits1References2
CVE
CVE
added 2023/04/14 12:0 a.m.142 views

CVE-2022-45175

The vulnerability CVE-2022-45175 affects LIVEBOX Collaboration vDesk through v018. The issue is an Insecure Direct Object Reference in the endpoint 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket, allowing an unauthenticated attacker to access cached files in the OnlyOffice backend of other users by gu...

6.5CVSS6.4AI score0.00717EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.7 views

PT-2023-14628 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions vDesk through v018 Description: An issue allows a Bypass of Two-Factor Authentication under the "/api/v1/vdeskintegration/challenge" endpoint. Since only the client-side verifies whether a check was...

9.8CVSS9.4AI score0.01033EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.4 views

多款产品授权问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from the ability to bypass two-factor authentication at /api/v1/vdeskintegration/challenge...

9.8CVSS8.4AI score0.01033EPSS
Exploits1References2
NVD
NVD
added 2023/01/31 6:15 p.m.25 views

CVE-2022-45172

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...

9.8CVSS9.7AI score0.01074EPSS
Exploits1References1
Rows per page
Query Builder