Vulnerabilities > CVE-2023-27107 - Incorrect Authorization vulnerability in Myq-Solution Central Server and Print Server

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

myq-solution

CWE-863

NVD

Published: 2023-04-26

Updated: 2023-05-09

Summary

Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.

Vulnerable Configurations

Part	Description	Count
Application	Myq-Solution MYQ Solution Central Server * MYQ Solution Central Server 8.2 MYQ Solution Print Server * MYQ Solution Print Server 8.2	4

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://gist.github.com/smidtbx10/f8ff1c4977b7f54886c6a52e9ef4e816