Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:2 p.m.11 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

5.4CVSS6.6AI score0.00274EPSS
Exploits1References1
NVD
NVD
added 2024/10/25 5:15 p.m.25 views

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, roles, user type, license type, and personal detai...

5.3CVSS0.00366EPSS
Exploits1References1
NVD
NVD
added 2024/10/25 5:15 p.m.34 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

5.4CVSS0.00274EPSS
Exploits1References1
NVD
NVD
added 2024/10/25 4:15 p.m.25 views

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

9.8CVSS0.00459EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/25 12:0 a.m.17 views

CVE-2022-30358

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...

6.9AI score0.00513EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/25 12:0 a.m.12 views

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

7.1AI score0.00459EPSS
Exploits0References1
CVE
CVE
added 2024/10/25 12:0 a.m.52 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier are affected by a Sensitive Data Exposure vulnerability. The issue arises from a GET request to /user/getUserList, with authentication required. The exposure includes data for all registered users (user IDs, status, email addresses, roles, user type, license type) and...

5.4CVSS6.7AI score0.00274EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.48 views

CVE-2022-30360

CVE-2022-30360 affects OvalEdge 5.2.8.0 and earlier. The vulnerability is described as multiple Stored XSS (Persistent/Type II) issues that can be triggered via a POST to the endpoint /profile/updateProfile using the slackid or phone parameters; authentication is required. The connected Red Hat/C...

6.4CVSS6.2AI score0.00274EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/10/25 12:0 a.m.42 views

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure via an unauthenticated GET request to /user/getUserType. The endpoint discloses data tied to the registered user: user ID, status, email, roles, user type, license type, and personal details such as first name, last name, gende...

5.3CVSS6.8AI score0.00366EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder