CVE-2023-27107

Published: Apr 26, 2023Modified: Feb 3, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.

Affected (4)

Products: Myq Solution: Central Server, Print Server

Myq Solution

2 products

Central Server

Print Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Myq Solution Central Server	Before 8.2
Myq Solution Central Server	Version 8.2
Myq Solution Print Server	Before 8.2
Myq Solution Print Server	Version 8.2

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://gist.github.com/smidtbx10/f8ff1c4977b7f54886c6a52e9ef4e816

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/smidtbx10/f8ff1c4977b7f54886c6a52e9ef4e816

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.