Lucene search
+L
MaarchMaarch Rm

5 matches found

CVE
CVE
added 2022/11/22 12:0 a.m.66 views

CVE-2022-37774

CVE-2022-37774 affects Maarch RM 2.8.3. A broken access-control flaw allows unauthenticated access to previews of certain documents (PDFs/emails) via a generated URL containing the MD5 hash, e.g. https://{url}/tmp/{MD5}. This URL can disclose the document without authentication, constituting a co...

5.3CVSS5.2AI score0.00516EPSS
CVE
CVE
added 2020/01/17 4:38 p.m.65 views

CVE-2019-15855

Maarch RM prior to 2.5 is affected by a path traversal vulnerability that allows an unauthenticated remote attacker to overwrite arbitrary files via a crafted POST request, if the default installation procedure was followed. This can lead to a permanent Denial of Service, with impact described as...

9.1CVSS8.9AI score0.01508EPSS
CVE
CVE
added 2022/11/23 12:0 a.m.63 views

CVE-2022-37772

CVE-2022-37772 affects Maarch RM up to 2.8.3, where the application’s verbose authentication responses enable an unauthenticated remote attacker to trigger excessive authentication attempts and potentially compromise accounts. Root cause: overly verbose responses in the authentication flow, descr...

7.5CVSS7.7AI score0.01104EPSS
CVE
CVE
added 2022/11/22 12:0 a.m.61 views

CVE-2022-37773

Maarch RM 2.8 is affected by an authenticated SQL Injection on the statistics page, specifically /statistics/retrieve, via the filter parameter. The vulnerability enables complete disclosure of all databases. Several connected sources confirm the issue but do not provide a confirmed fix version; ...

6.5CVSS6.9AI score0.00718EPSS
Web
CVE
CVE
added 2020/01/17 4:41 p.m.59 views

CVE-2019-15854

Summary: CVE-2019-15854 affects Maarch RM prior to 2.5. The issue is a privilege-escalation vulnerability where an authenticated user with the lowest privileges can elevate themselves to the highest administrator privileges by issuing a crafted PUT request to an unauthorized resource. What’s affe...

8.8CVSS8.4AI score0.01283EPSS