196 matches found
CVE-2022-45178
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...
LIVEBOX Collaboration vDesk 授权问题漏洞
LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions that stems from the ability to bypass two-factor authentication for SAML users under /login/backupcode and...
PT-2023-14628 · Unknown · Livebox Collaboration Vdesk
Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions vDesk through v018 Description: An issue allows a Bypass of Two-Factor Authentication under the "/api/v1/vdeskintegration/challenge" endpoint. Since only the client-side verifies whether a check was...
PT-2023-14630 · Unknown · Livebox Collaboration Vdesk
Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows an Insecure Direct Object Reference to occur under the "5.6.5-3/doc/ID-FILE/c/N/C/websocket" endpoint. A malicious unauthenticated user can access cached files in...
CVE-2022-45170
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...
LIVEBOX Collaboration vDesk 加密问题漏洞
LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from /api/v1/vencrypt/decrypt/file A cryptographic issue may occur...
LIVEBOX Collaboration vDesk 安全漏洞
LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from an insecure direct object reference may occur in 5.6.5-3/doc/ID-FILE/c/N/C/websocket...
CVE-2022-45173
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...
CVE-2022-45180
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...
CVE-2022-45173
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...
CVE-2022-45170
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...
CVE-2022-45178
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...
PT-2023-14626 · Unknown · Livebox Collaboration Vdesk
Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: A cryptographic issue can occur under the "/api/v1/vencrypt/decrypt/file" endpoint, allowing a malicious user, logged into a victim's account, to decipher a file without knowing t...
CVE-2022-45175
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...
PT-2023-14631 · Unknown · Livebox Collaboration Vdesk
Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue exists in the software due to Broken Access Control. This issue affects several API endpoints: "/api/v1/vdeskintegration/saml/user/createorupdate",...
CVE-2022-45174
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...
PT-2023-14629 · Unknown · Livebox Collaboration Vdesk
Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows a Bypass of Two-Factor Authentication for SAML Users. This can occur under the "/login/backup code" endpoint and the "/api/v1/vdeskintegration/challenge" endpoint...
CVE-2022-45174
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...
CVE-2022-45173
CVE-2022-45173 affects LIVEBOX Collaboration vDesk (vDesk) through v018. The flaw allows bypassing Two-Factor Authentication by tampering with the response at /api/v1/vdeskintegration/challenge, since client-side verification can be bypassed. Impact is high (CVE indicates full confidentiality, in...
CVE-2022-45175
The vulnerability CVE-2022-45175 affects LIVEBOX Collaboration vDesk through v018. The issue is an Insecure Direct Object Reference in the endpoint 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket, allowing an unauthenticated attacker to access cached files in the OnlyOffice backend of other users by gu...