CVE-2022-30760
CVE-2022-30760 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. EPSS estimates a 0.88% chance of exploitation in the next 30 days.
Description
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ihb-Eg | Fn2web | < 2.04.09.016 |
References
- https://homepage.ruhr-uni-bochum.de/Christian.Krug-q97/CVE-2022-30760.html (Exploit, Third Party Advisory)
- https://wiki.ihb-eg.de/doku.php/releasenotes/fn2web2.04.09 (Release Notes, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
