Vulnerabilities > CVE-2022-45891 - Incorrect Authorization vulnerability in Planetestream Planet Estream

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

planetestream

CWE-863

critical

NVD

Published: 2022-12-25

Updated: 2023-01-04

Summary

Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList).

Vulnerable Configurations

Part	Description	Count
Application	Planetestream Planetestream Planet Estream -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/