5 matches found
CVE-2022-37774
CVE-2022-37774 affects Maarch RM 2.8.3. A broken access-control flaw allows unauthenticated access to previews of certain documents (PDFs/emails) via a generated URL containing the MD5 hash, e.g. https://{url}/tmp/{MD5}. This URL can disclose the document without authentication, constituting a co...
CVE-2019-15855
Maarch RM prior to 2.5 is affected by a path traversal vulnerability that allows an unauthenticated remote attacker to overwrite arbitrary files via a crafted POST request, if the default installation procedure was followed. This can lead to a permanent Denial of Service, with impact described as...
CVE-2022-37772
CVE-2022-37772 affects Maarch RM up to 2.8.3, where the application’s verbose authentication responses enable an unauthenticated remote attacker to trigger excessive authentication attempts and potentially compromise accounts. Root cause: overly verbose responses in the authentication flow, descr...
CVE-2022-37773
Maarch RM 2.8 is affected by an authenticated SQL Injection on the statistics page, specifically /statistics/retrieve, via the filter parameter. The vulnerability enables complete disclosure of all databases. Several connected sources confirm the issue but do not provide a confirmed fix version; ...
CVE-2019-15854
Summary: CVE-2019-15854 affects Maarch RM prior to 2.5. The issue is a privilege-escalation vulnerability where an authenticated user with the lowest privileges can elevate themselves to the highest administrator privileges by issuing a crafted PUT request to an unauthorized resource. What’s affe...