CVE-2022-34769 MEDIUM

CVE-2022-34769: Michlol - rashim web interface Insecure direct object references (IDOR)

Vendor Michlol
Product Michlol - rashim web
Published August 5, 2022
Last update September 16, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user.

Key dates

02Disclosure timeline

August 5, 2022 CVE published
September 16, 2024 Record updated