Lucene search
+L

68 matches found

CVE
CVE
added 2024/10/25 12:0 a.m.52 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier are affected by a Sensitive Data Exposure vulnerability. The issue arises from a GET request to /user/getUserList, with authentication required. The exposure includes data for all registered users (user IDs, status, email addresses, roles, user type, license type) and...

5.4CVSS6.7AI score0.00274EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.46 views

CVE-2022-30356

OvalEdge 5.2.8.0 and earlier are affected by a Privilege Escalation vulnerability. A POST to /user/assignuserrole with userid and role parameters can enable elevation when authenticated with OE_ADMIN privileges. Affected component/versions are specified, with CVSS data indicating multiple impact ...

8.8CVSS7AI score0.00365EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.48 views

CVE-2022-30358

CVE-2022-30358 affects OvalEdge 5.2.8.0 and earlier. A vulnerability in the POST /user/updatePassword endpoint (parameters: userId, newPsw) allows account takeover; authentication is required. Connected sources (Red Hat, NVD, CVE listing, CNNVD) corroborate this description. No remediation detail...

8.8CVSS6.9AI score0.00513EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.48 views

CVE-2022-30360

CVE-2022-30360 affects OvalEdge 5.2.8.0 and earlier. The vulnerability is described as multiple Stored XSS (Persistent/Type II) issues that can be triggered via a POST to the endpoint /profile/updateProfile using the slackid or phone parameters; authentication is required. The connected Red Hat/C...

6.4CVSS6.2AI score0.00274EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.42 views

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure via an unauthenticated GET request to /user/getUserType. The endpoint discloses data tied to the registered user: user ID, status, email, roles, user type, license type, and personal details such as first name, last name, gende...

5.3CVSS6.8AI score0.00366EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.43 views

CVE-2022-30357

OvalEdge 5.2.8.0 and earlier are affected by an Account Takeover vulnerability triggered by a POST to /profile/updateProfile using the userId and email parameters. Authentication is required. The Red Hat/CNNVD/CVE entries repeat this finding; NVD lists CVSS v3.1 scores with high/critical impact (...

9.8CVSS6.9AI score0.00292EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.51 views

CVE-2022-30354

OvalEdge 5.2.8.0 and earlier suffers a Sensitive Data Exposure via a GET to /user/getUserWithTeam, requiring authentication. The vulnerability discloses data associated with all registered user IDs. Affected component/endpoint: /user/getUserWithTeam. Root cause is exposure of user data through an...

7.5CVSS6.3AI score0.0049EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.56 views

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier are affected by an Account Takeover vulnerability. The issue allows exploitation via a POST to /profile/updateProfile using userId and email parameters, with authentication required. Multiple connected sources confirm the affected versions and the vulnerable endpoint....

9.8CVSS6.6AI score0.00459EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder