Lucene search
+L

196 matches found

Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.7 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

7.2AI score0.00964EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.5 views

LIVEBOX Collaboration vDesk 授权问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions that stems from the ability to bypass two-factor authentication for SAML users under /login/backupcode and...

9.8CVSS8.4AI score0.01033EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.10 views

PT-2023-14628 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions vDesk through v018 Description: An issue allows a Bypass of Two-Factor Authentication under the "/api/v1/vdeskintegration/challenge" endpoint. Since only the client-side verifies whether a check was...

9.8CVSS9.4AI score0.01033EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.6 views

PT-2023-14630 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows an Insecure Direct Object Reference to occur under the "5.6.5-3/doc/ID-FILE/c/N/C/websocket" endpoint. A malicious unauthenticated user can access cached files in...

6.5CVSS6.4AI score0.00717EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.8 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

6.8AI score0.00444EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.6 views

LIVEBOX Collaboration vDesk 加密问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from /api/v1/vencrypt/decrypt/file A cryptographic issue may occur...

6.5CVSS6.4AI score0.00444EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.7 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from an insecure direct object reference may occur in 5.6.5-3/doc/ID-FILE/c/N/C/websocket...

6.5CVSS6.4AI score0.00717EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.13 views

CVE-2022-45173

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...

6.9AI score0.01033EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.18 views

CVE-2022-45180

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

6.5AI score0.00713EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.36 views

CVE-2022-45173

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...

9.7AI score0.01033EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.34 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

6.5AI score0.00444EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.26 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

9.1AI score0.00964EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.8 views

PT-2023-14626 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: A cryptographic issue can occur under the "/api/v1/vencrypt/decrypt/file" endpoint, allowing a malicious user, logged into a victim's account, to decipher a file without knowing t...

6.5CVSS6.4AI score0.00444EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.8 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

6.9AI score0.00717EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.7 views

PT-2023-14631 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue exists in the software due to Broken Access Control. This issue affects several API endpoints: "/api/v1/vdeskintegration/saml/user/createorupdate",...

8.8CVSS7.2AI score0.00964EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.8 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

7.2AI score0.01033EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.7 views

PT-2023-14629 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows a Bypass of Two-Factor Authentication for SAML Users. This can occur under the "/login/backup code" endpoint and the "/api/v1/vdeskintegration/challenge" endpoint...

9.8CVSS9.2AI score0.01033EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/14 12:0 a.m.39 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

9.8AI score0.01033EPSS
Exploits1References1
CVE
CVE
added 2023/04/14 12:0 a.m.145 views

CVE-2022-45173

CVE-2022-45173 affects LIVEBOX Collaboration vDesk (vDesk) through v018. The flaw allows bypassing Two-Factor Authentication by tampering with the response at /api/v1/vdeskintegration/challenge, since client-side verification can be bypassed. Impact is high (CVE indicates full confidentiality, in...

9.8CVSS9.3AI score0.01033EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/14 12:0 a.m.145 views

CVE-2022-45175

The vulnerability CVE-2022-45175 affects LIVEBOX Collaboration vDesk through v018. The issue is an Insecure Direct Object Reference in the endpoint 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket, allowing an unauthenticated attacker to access cached files in the OnlyOffice backend of other users by gu...

6.5CVSS6.4AI score0.00717EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder