PT-2023-20957 · Unknown · Myq Solution Print Server+1

Benjamin Schmidt +1 · Published 2023-04-26 · Updated 2023-05-09 · CVE-2023-27107

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MyQ Solution Print Server versions prior to 8.2 Patch 32
MyQ Solution Central Server versions prior to 8.2 Patch 22

Description

The issue is related to incorrect access control in the runReport function, allowing users without appropriate access rights to generate internal reports using a direct URL.

Recommendations

For MyQ Solution Print Server versions prior to 8.2 Patch 32, update to version 8.2 Patch 32 or later.
For MyQ Solution Central Server versions prior to 8.2 Patch 22, update to version 8.2 Patch 22 or later.
As a temporary workaround, consider restricting access to the runReport function until a patch is available.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related identifiers

CVE-2023-27107

Affected products

Myq Solution Central Server
Myq Solution Print Server