Vulnerabilities > CVE-2022-30356 - Incorrect Authorization vulnerability in Ovaledge

CVSS 4.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

ovaledge

CWE-863

NVD

Published: 2024-10-25

Updated: 2024-10-31

Summary

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege.

Vulnerable Configurations

Part	Description	Count
Application	Ovaledge Ovaledge Ovaledge - Ovaledge Ovaledge 5.0 Ovaledge Ovaledge 5.0.5 Ovaledge Ovaledge 5.0.7 Ovaledge Ovaledge 5.0.8 Ovaledge Ovaledge 5.0.9 Ovaledge Ovaledge 5.0.10 Ovaledge Ovaledge 5.1 Ovaledge Ovaledge 5.1.1 Ovaledge Ovaledge 5.1.2 Ovaledge Ovaledge 5.1.3 Ovaledge Ovaledge 5.1.4 Ovaledge Ovaledge 5.1.5 Ovaledge Ovaledge 5.1.6 Ovaledge Ovaledge 5.1.7 Ovaledge Ovaledge 5.1.8 Ovaledge Ovaledge 5.1.9 Ovaledge Ovaledge 5.2 Ovaledge Ovaledge 5.2.1 Ovaledge Ovaledge 5.2.2 Ovaledge Ovaledge 5.2.3 Ovaledge Ovaledge 5.2.4 Ovaledge Ovaledge 5.2.5 Ovaledge Ovaledge 5.2.6 Ovaledge Ovaledge 5.2.7 Ovaledge Ovaledge 5.2.8	26

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://cve.offsecguy.com/ovaledge/vulnerabilities/privilege-escalation#cve-2022-30356