9 matches found
CVE-2022-30359
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...
CVE-2022-30361
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, roles, user type, license type, and personal detai...
CVE-2022-30359
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...
CVE-2022-30355
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...
CVE-2022-30358
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...
CVE-2022-30355
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...
CVE-2022-30359
OvalEdge 5.2.8.0 and earlier are affected by a Sensitive Data Exposure vulnerability. The issue arises from a GET request to /user/getUserList, with authentication required. The exposure includes data for all registered users (user IDs, status, email addresses, roles, user type, license type) and...
CVE-2022-30360
CVE-2022-30360 affects OvalEdge 5.2.8.0 and earlier. The vulnerability is described as multiple Stored XSS (Persistent/Type II) issues that can be triggered via a POST to the endpoint /profile/updateProfile using the slackid or phone parameters; authentication is required. The connected Red Hat/C...
CVE-2022-30361
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure via an unauthenticated GET request to /user/getUserType. The endpoint discloses data tied to the registered user: user ID, status, email, roles, user type, license type, and personal details such as first name, last name, gende...