Vdesk@* Security Vulnerabilities and Issues — Vdesk@* CVE List

Lucene search

LiveboxcloudVdesk*

7 matches found

CVE•added 2023/04/14 2:15 p.m.•138 views

CVE-2022-45180

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system ...

6.5CVSS6.2AI score0.00093EPSS

CVE•added 2023/04/14 2:15 p.m.•130 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID ...

6.5CVSS6.4AI score0.0015EPSS

CVE•added 2023/04/14 2:15 p.m.•123 views

CVE-2022-45173

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the applica...

9.8CVSS9.3AI score0.00025EPSS

CVE•added 2023/04/14 2:15 p.m.•47 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by ...

9.8CVSS9.4AI score0.00025EPSS

CVE•added 2023/01/31 6:15 p.m.•43 views

CVE-2022-45172

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by...

9.8CVSS9.5AI score0.00095EPSS

CVE•added 2023/04/14 2:15 p.m.•37 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user.

6.5CVSS6.3AI score0.00034EPSS

CVE•added 2023/04/14 2:15 p.m.•35 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A mali...

8.8CVSS8.7AI score0.00264EPSS