CVE-2022-34769

Published: Aug 5, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user.

Affected (1)

Products: Rashim: Michlol

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rashim Michlol	Before 187.4392

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://www.gov.il/en/Departments/faq/cve_advisories

Source: cna@cyber.gov.il

https://www.gov.il/en/Departments/faq/cve_advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.