CVE-2022-31884

Name of the Vulnerable Software and Affected Versions Marval MSM version 14.19.0.12476

Description The issue allows a low privilege user to delete other users' API Keys, including those of high privilege and the Administrator users. This is due to an Improper Access Control vulnerability.

Recommendations For Marval MSM version 14.19.0.12476, consider restricting access to API Key management functions to prevent low privilege users from deleting other users' API Keys until a patch is available. As a temporary workaround, limit the privileges of low-level users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.