Lucene search
K

5 matches found

CNVD
CNVD
added 2022/06/30 12:0 a.m.22 views

Marval MSM Cross-Site Request Forgery Vulnerability

Marval MSM is an innovative IT service management software from Marval UK. The Marval MSM v14.19.0.12476 release has a cross-site request forgery vulnerability that can be exploited by an attacker to disable 2FA by sending a malicious form to a user...

6.5CVSS6.4AI score0.02069EPSS
Exploits1References1
Prion
Prion
added 2022/06/28 10:15 p.m.18 views

Improper access control

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys...

4CVSS6.4AI score0.01103EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2022/06/28 9:15 p.m.20 views

CVE-2022-31883

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...

8.8CVSS0.00905EPSS
Exploits0References3
CVE
CVE
added 2022/06/28 8:58 p.m.581 views

CVE-2022-31883

Marval MSM v14.19.0.12476 is affected by an Insecure Direct Object Reference (IDOR) vulnerability. A low-privilege user can view other users’ API keys, including Admins’ API keys. Root cause: IDOR flaw in the application’s handling of user/API key access. Impact stated in the provided sources is ...

8.8CVSS8.6AI score0.00905EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/06/28 8:58 p.m.22 views

CVE-2022-31883

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...

8.9AI score0.00905EPSS
Exploits0References3
Rows per page
Query Builder