What the vulnerability does
01Description
Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server.
CVE-2022-47553
HIGH
CVE-2022-47553: Improper Authorization in Ormazabal products
CVSS base score
8.6/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Key dates
02Disclosure timeline
September 19, 2023
CVE published
August 29, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-25353
CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
CVE-2021-1576 Cisco Business Process Automation Privilege Escalation Vulnerabilities
CVE-2025-12814 SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset
CVE-2026-28448 OpenClaw 2026.1.29 < 2026.2.1 - Authorization Bypass in Twitch Plugin allowFrom Access Control
