PT-2022-20974 · Marval · Marval Msm
Published: 2022-06-28 · Updated: 2022-07-08
CVE-2022-31886
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Marval MSM version 14.19.0.12476
Description
The issue allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack: by sending a malicious form to the user, the attacker can disable 2FA.
Recommendations
For Marval MSM version 14.19.0.12476, consider disabling the functionality that allows 2FA to be disabled via form submissions until a patch is available. Restrict access to sensitive operations that can be manipulated through CSRF attacks to minimize the risk of exploitation.
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Marval Msm