Vulnerabilities > CVE-2022-31884 - Unspecified vulnerability in Marvalglobal Marval MSM 14.19.0.12476
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/unauthorized-delete-add-api-users-api-keys
- https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/unauthorized-delete-add-api-users-api-keys
- https://drive.google.com/drive/folders/1lFM9cVUqTlKyDI2azmI1rIF4HoZBt_4i?usp=sharing
- https://drive.google.com/drive/folders/1lFM9cVUqTlKyDI2azmI1rIF4HoZBt_4i?usp=sharing
- https://marvalglobal.com/
- https://marvalglobal.com/