CVE-2022-34769
Last modified
CVE-2022-34769 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user.. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rashim | Michlol | < 187.4392 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-34769?
How severe is CVE-2022-34769?
How do I fix CVE-2022-34769?
Are you affected by CVE-2022-34769?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST