Lucene search
K

196 matches found

NVD
NVD
added 2023/04/14 2:15 p.m.21 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

6.5CVSS6.4AI score0.00444EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2023/04/14 2:15 p.m.30 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

6.5CVSS6.7AI score0.00717EPSS
Exploits1References1
NVD
NVD
added 2023/04/14 2:15 p.m.12 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

8.8CVSS8.9AI score0.00964EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.3 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

8.8CVSS5.8AI score0.00964EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.4 views

CVE-2022-45180

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

6.5CVSS5.8AI score0.00713EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.5 views

CVE-2022-45173

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...

9.8CVSS5.8AI score0.01033EPSS
Exploits1References1
NVD
NVD
added 2023/04/14 2:15 p.m.21 views

CVE-2022-45173

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...

9.8CVSS9.5AI score0.01033EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2023/04/14 2:15 p.m.29 views

CVE-2022-45173

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...

9.8CVSS9.3AI score0.01033EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.4 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

6.5CVSS5.8AI score0.00444EPSS
Exploits1References1
NVD
NVD
added 2023/04/14 2:15 p.m.13 views

CVE-2022-45180

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

6.5CVSS6.3AI score0.00713EPSS
Exploits1References1
Prion
Prion
added 2023/04/14 2:15 p.m.28 views

Code injection

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

7.5CVSS9.5AI score0.01033EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/04/14 2:15 p.m.23 views

Improper access control

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

4CVSS6.2AI score0.00713EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/04/14 2:15 p.m.19 views

Design/Logic Flaw

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

4CVSS6.4AI score0.00717EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/04/14 2:15 p.m.20 views

Authentication flaw

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...

7.5CVSS9.4AI score0.01033EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/04/14 2:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

4CVSS6.3AI score0.00444EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/04/14 2:15 p.m.13 views

Improper access control

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

6.5CVSS8.8AI score0.00964EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.6 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

7.2AI score0.00964EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.5 views

PT-2023-14629 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows a Bypass of Two-Factor Authentication for SAML Users. This can occur under the "/login/backup code" endpoint and the "/api/v1/vdeskintegration/challenge" endpoint...

9.8CVSS9.2AI score0.01033EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.22 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

9.1AI score0.00964EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.5 views

LIVEBOX Collaboration vDesk 加密问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from /api/v1/vencrypt/decrypt/file A cryptographic issue may occur...

6.5CVSS6.4AI score0.00444EPSS
Exploits1References2
Rows per page
Query Builder