Lucene search
K

68 matches found

Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.5 views

PT-2024-11552 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for Sensitive Data Exposure through a GET request to "/user/getUserWithTeam". This requires authentication and discloses information associated with all registered user ID...

7.5CVSS6.3AI score0.0049EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.4 views

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the userId...

9.8CVSS6.8AI score0.00459EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/25 12:0 a.m.15 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

6.6AI score0.00274EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/25 12:0 a.m.18 views

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, roles, user type, license type, and personal detai...

6.8AI score0.00366EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.4 views

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which originates from a GET request to /user/getUserWithTeam and can...

7.5CVSS6.4AI score0.0049EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.6 views

PT-2024-11553 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for an Account Takeover via a POST request to "/profile/updateProfile" using the userId and email parameters. Authentication is required to exploit this issue. Recommendation...

9.8CVSS6.5AI score0.00459EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.5 views

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the userId...

9.8CVSS6.8AI score0.00292EPSS
Exploits1References1
CVE
CVE
added 2024/10/25 12:0 a.m.54 views

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier are affected by an Account Takeover vulnerability. The issue allows exploitation via a POST to /profile/updateProfile using userId and email parameters, with authentication required. Multiple connected sources confirm the affected versions and the vulnerable endpoint....

9.8CVSS6.6AI score0.00459EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.7 views

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which originates from a GET request to /user/getUserType and can result ...

5.3CVSS6.4AI score0.00366EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/25 12:0 a.m.18 views

CVE-2022-30354

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers...

0.0049EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.12 views

PT-2024-11558 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue is related to multiple Stored XSS also known as Persistent or Type II vulnerabilities. These vulnerabilities can be exploited via a POST request to the "/profile/updateProfile" API...

6.4CVSS6.2AI score0.00274EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/10/25 12:0 a.m.17 views

CVE-2022-30358

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...

6.9AI score0.00513EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/25 12:0 a.m.30 views

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

0.00459EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/25 12:0 a.m.17 views

CVE-2022-30357

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

0.00292EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.8 views

PT-2024-11555 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for an Account Takeover via a POST request to "/profile/updateProfile" using the userId and email parameters. Authentication is required to exploit this issue. Recommendation...

9.8CVSS6.6AI score0.00292EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/10/25 12:0 a.m.25 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

0.00274EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/25 12:0 a.m.20 views

CVE-2022-30358

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...

0.00513EPSS
Exploits1References1
CVE
CVE
added 2024/10/25 12:0 a.m.51 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier are affected by a Sensitive Data Exposure vulnerability. The issue arises from a GET request to /user/getUserList, with authentication required. The exposure includes data for all registered users (user IDs, status, email addresses, roles, user type, license type) and...

5.4CVSS6.7AI score0.00274EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.46 views

CVE-2022-30356

OvalEdge 5.2.8.0 and earlier are affected by a Privilege Escalation vulnerability. A POST to /user/assignuserrole with userid and role parameters can enable elevation when authenticated with OE_ADMIN privileges. Affected component/versions are specified, with CVSS data indicating multiple impact ...

8.8CVSS7AI score0.00365EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.47 views

CVE-2022-30360

CVE-2022-30360 affects OvalEdge 5.2.8.0 and earlier. The vulnerability is described as multiple Stored XSS (Persistent/Type II) issues that can be triggered via a POST to the endpoint /profile/updateProfile using the slackid or phone parameters; authentication is required. The connected Red Hat/C...

6.4CVSS6.2AI score0.00274EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder