CVE-2022-45177
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
Se descubrió un problema en LIVEBOX Collaboration vDesk hasta v031. Puede ocurrir una discrepancia de respuesta observable en el endpoint /api/v1/vdeskintegration/user/isenableuser, el endpoin /api/v1/sharedsearch?search={NAME]+{SURNAME] y el endpoint /login. La aplicación web proporciona diferentes respuestas a las solicitudes entrantes de una manera que revela información del estado interno a un actor no autorizado fuera de la esfera de control prevista.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2022-11-11 CVE Reserved
- 2024-02-21 CVE Published
- 2024-08-26 CVE Updated
- 2024-08-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-203: Observable Discrepancy
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.gruppotim.it/it/footer/red-team.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Liveboxcloud Search vendor "Liveboxcloud" | Vdesk Search vendor "Liveboxcloud" for product "Vdesk" | <= 031 Search vendor "Liveboxcloud" for product "Vdesk" and version " <= 031" | - |
Affected
| ||||||