CVE-2022-31883

Published: Jun 28, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.

Affected (1)

Products: Marvalglobal: Marval Msm

Marvalglobal

1 product

Marval Msm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Marvalglobal Marval Msm	Version 14.19.0.12476

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (6)

https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/idor-leads-to-unauthorized-access-to-api-keys

Source: cve@mitre.org

Third Party Advisory

https://drive.google.com/drive/folders/17Q8ItseCzj5W7wlD6ZFqL0y1N5Emxz4_?usp=sharing

Source: cve@mitre.org

Broken LinkThird Party Advisory

https://marvalglobal.com/

Source: cve@mitre.org

ProductVendor Advisory

https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/idor-leads-to-unauthorized-access-to-api-keys

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://drive.google.com/drive/folders/17Q8ItseCzj5W7wlD6ZFqL0y1N5Emxz4_?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://marvalglobal.com/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.