Vulnerabilities > CVE-2022-31883 - Authorization Bypass Through User-Controlled Key vulnerability in Marvalglobal Marval MSM 14.19.0.12476

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

marvalglobal

CWE-639

NVD

Published: 2022-06-28

Updated: 2022-07-14

Summary

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.

Vulnerable Configurations

Part	Description	Count
Application	Marvalglobal Marvalglobal Marval MSM 14.19.0.12476	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://drive.google.com/drive/folders/17Q8ItseCzj5W7wlD6ZFqL0y1N5Emxz4_?usp=sharing
https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/idor-leads-to-unauthorized-access-to-api-keys
https://marvalglobal.com/