Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
References
Link | Resource |
---|---|
https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/idor-leads-to-unauthorized-access-to-api-keys | Third Party Advisory |
https://drive.google.com/drive/folders/17Q8ItseCzj5W7wlD6ZFqL0y1N5Emxz4_?usp=sharing | Broken Link Third Party Advisory |
https://marvalglobal.com/ | Product Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-28T20:58:26
Updated: 2022-06-28T20:58:26
Reserved: 2022-05-31T00:00:00
Link: CVE-2022-31883
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-28T21:15:07.680
Modified: 2022-07-14T15:12:59.490
Link: CVE-2022-31883
JSON object: View
Redhat Information
No data.
CWE