Lucene search
K

196 matches found

CNNVD
CNNVD
added 2023/04/14 12:0 a.m.5 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from a broken access control under /api/v1/vdeskintegration/saml/user/createorupdate, /settings/guest-settings,...

8.8CVSS7.9AI score0.00964EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.5 views

LIVEBOX Collaboration vDesk 授权问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions that stems from the ability to bypass two-factor authentication for SAML users under /login/backupcode and...

9.8CVSS8.4AI score0.01033EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.22 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

9.1AI score0.00964EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.5 views

LIVEBOX Collaboration vDesk 加密问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from /api/v1/vencrypt/decrypt/file A cryptographic issue may occur...

6.5CVSS6.4AI score0.00444EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.36 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

9.8AI score0.01033EPSS
Exploits1References1
CVE
CVE
added 2023/04/14 12:0 a.m.50 views

CVE-2022-45178

The CVE-2022-45178 entry concerns LIVEBOX Collaboration vDesk v018 and earlier, where a Broken Access Control flaw exists in multiple endpoints: /api/v1/vdeskintegration/saml/user/createorupdate, /settings/guest-settings, /settings/samlusers-settings, and /settings/users-settings. A logged-in SAM...

8.8CVSS8.7AI score0.00964EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.8 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

7.2AI score0.01033EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.5 views

PT-2023-14631 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue exists in the software due to Broken Access Control. This issue affects several API endpoints: "/api/v1/vdeskintegration/saml/user/createorupdate",...

8.8CVSS7.2AI score0.00964EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.6 views

PT-2023-14629 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows a Bypass of Two-Factor Authentication for SAML Users. This can occur under the "/login/backup code" endpoint and the "/api/v1/vdeskintegration/challenge" endpoint...

9.8CVSS9.2AI score0.01033EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.6 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from an insecure direct object reference may occur in 5.6.5-3/doc/ID-FILE/c/N/C/websocket...

6.5CVSS6.4AI score0.00717EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.7 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

6.9AI score0.00717EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.32 views

CVE-2022-45173

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...

9.7AI score0.01033EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.4 views

PT-2023-14630 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows an Insecure Direct Object Reference to occur under the "5.6.5-3/doc/ID-FILE/c/N/C/websocket" endpoint. A malicious unauthenticated user can access cached files in...

6.5CVSS6.4AI score0.00717EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.5 views

多款产品授权问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from the ability to bypass two-factor authentication at /api/v1/vdeskintegration/challenge...

9.8CVSS8.4AI score0.01033EPSS
Exploits1References2
CVE
CVE
added 2023/04/14 12:0 a.m.50 views

CVE-2022-45170

CVE-2022-45170 affects LIVEBOX Collaboration vDesk (pre-v018) via the endpoint /api/v1/vencrypt/decrypt/file. A malicious user, already logged into a victim’s account, can decipher a file without the user’s key, revealing a cryptographic issue impacting confidentiality. The current sources descri...

6.5CVSS6.3AI score0.00444EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/14 12:0 a.m.142 views

CVE-2022-45175

The vulnerability CVE-2022-45175 affects LIVEBOX Collaboration vDesk through v018. The issue is an Insecure Direct Object Reference in the endpoint 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket, allowing an unauthenticated attacker to access cached files in the OnlyOffice backend of other users by gu...

6.5CVSS6.4AI score0.00717EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/14 12:0 a.m.151 views

CVE-2022-45180

CVE-2022-45180 affects LIVEBOX Collaboration vDesk (through v018) with Broken Access Control at the /api/v1/vdesk_{DOMAIN]/export endpoint. A user authenticated to the product without special privileges can export information for all users, a function intended for administrators. Public reference...

6.5CVSS6.2AI score0.00713EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/14 12:0 a.m.63 views

CVE-2022-45174

CVE-2022-45174 affects LIVEBOX Collaboration vDesk versions through v018. The issue allows bypassing Two-Factor Authentication for SAML users via /login/backup_code and /api/v1/vdeskintegration/challenge, by supplying a non-validated backup code, due to improper TOTP verification. Documents descr...

9.8CVSS9.4AI score0.01033EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.6 views

PT-2023-14626 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: A cryptographic issue can occur under the "/api/v1/vencrypt/decrypt/file" endpoint, allowing a malicious user, logged into a victim's account, to decipher a file without knowing t...

6.5CVSS6.4AI score0.00444EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.7 views

PT-2023-14628 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions vDesk through v018 Description: An issue allows a Bypass of Two-Factor Authentication under the "/api/v1/vdeskintegration/challenge" endpoint. Since only the client-side verifies whether a check was...

9.8CVSS9.4AI score0.01033EPSS
Exploits1References2
Rows per page
Query Builder