
CVE-2023-1837
https://notcve.org/view.php?id=CVE-2023-1837
23 May 2023 — Missing Authentication for Critical Function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) • https://www.hypr.com/security-advisories • CWE-306: Missing Authentication for Critical Function

CVE-2022-2193
https://notcve.org/view.php?id=CVE-2022-2193
19 Jul 2022 — Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1. • https://www.hypr.com/security-advisories • CWE-280: Improper Handling of Insufficient Permissions or Privileges • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2022-2192
https://notcve.org/view.php?id=CVE-2022-2192
19 Jul 2022 — Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions. • https://www.hypr.com/security-advisories • CWE-425: Direct Request ('Forced Browsing')