Vulnerabilities > CVE-2022-31883 - Authorization Bypass Through User-Controlled Key vulnerability in Marvalglobal Marval MSM 14.19.0.12476

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

marvalglobal

CWE-639

NVD

Published: 2022-06-28

Updated: 2022-07-14

Summary

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.

Vulnerable Configurations

Part	Description	Count
Application	Marvalglobal Marvalglobal Marval MSM 14.19.0.12476	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://drive.google.com/drive/folders/17Q8ItseCzj5W7wlD6ZFqL0y1N5Emxz4_?usp=sharing
https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/idor-leads-to-unauthorized-access-to-api-keys
https://marvalglobal.com/