PT-2022-20971 · Marval · Marval Msm

Published: 2022-06-28 · Updated: 2022-07-14 · CVE-2022-31883

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Marval MSM version 14.19.0.12476

Description

The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability. This allows a low-privilege user to access other users' API keys, including those of administrators.

Recommendations

For Marval MSM version 14.19.0.12476, consider restricting access to API keys to prevent unauthorized viewing, especially for low-privilege users, until a patch is available. As a temporary workaround, limit the visibility of API keys to only those who need them, and avoid using the vulnerable API endpoint that allows low-privilege users to see other users' API keys.

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2022-31883

Affected Products

Marval Msm