PT-2022-20975 · Marval · Marval Msm

Published

2022-06-28

Updated

2022-07-08

CVE-2022-31887

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Marval MSM version 14.19.0.12476

Description The issue allows an attacker to change any user's password in the organization, potentially leading to privilege escalation by changing the administrator password. This is a 0-Click Account Takeover vulnerability.

Recommendations For Marval MSM version 14.19.0.12476, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2022-31887

Affected Products

Marval Msm

PT-2022-20975 · Marval · Marval Msm

CVE-2022-31887

Weakness Enumeration

Related Identifiers

Affected Products

References · 7