CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45175
https://notcve.org/view.php?id=CVE-2022-45175
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file. • https://www.gruppotim.it/it/footer/red-team.html • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45178
https://notcve.org/view.php?id=CVE-2022-45178
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role. • https://www.gruppotim.it/it/footer/red-team.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45173
https://notcve.org/view.php?id=CVE-2022-45173
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the application into concluding that the TOTP was correct. • https://www.gruppotim.it/it/footer/red-team.html • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45180
https://notcve.org/view.php?id=CVE-2022-45180
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator). • https://www.gruppotim.it/it/footer/red-team.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45172
https://notcve.org/view.php?id=CVE-2022-45172
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system. Se descubrió un problema en LIVEBOX Collaboration vDesk antes de v018. El control de acceso roto puede ocurrir en el endpoint /api/v1/registration/validateEmail, el endpoint /api/v1/vdeskintegration/user/adduser y el endpoint /api/v1/registration/changePasswordUser. • https://www.gruppotim.it/it/footer/red-team.html • CWE-863: Incorrect Authorization •