Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
References
| Link | Resource |
|---|---|
| https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/idor-leads-to-unauthorized-access-to-api-keys | Third Party Advisory |
| https://drive.google.com/drive/folders/17Q8ItseCzj5W7wlD6ZFqL0y1N5Emxz4_?usp=sharing | Broken Link Third Party Advisory |
| https://marvalglobal.com/ | Product Vendor Advisory |
Configurations
History
14 Jul 2022, 15:12
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 8.8 |
08 Jul 2022, 15:51
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
| CWE | CWE-639 | |
| CPE | cpe:2.3:a:marvalglobal:marval_msm:14.19.0.12476:*:*:*:*:*:*:* | |
| References | (MISC) https://marvalglobal.com/ - Product, Vendor Advisory | |
| References | (MISC) https://drive.google.com/drive/folders/17Q8ItseCzj5W7wlD6ZFqL0y1N5Emxz4_?usp=sharing - Broken Link, Third Party Advisory | |
| References | (MISC) https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/idor-leads-to-unauthorized-access-to-api-keys - Third Party Advisory |
28 Jun 2022, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-06-28 21:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-31883
Mitre link : CVE-2022-31883
CVE.ORG link : CVE-2022-31883
JSON object : View
Products Affected
marvalglobal
- marval_msm
CWE
CWE-639
Authorization Bypass Through User-Controlled Key