PT-2022-22319 · Unknown · Michlol - Rashim Web Interface
Published: 2022-08-05 · Updated: 2024-04-17
CVE-2022-34769
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Michlol - rashim web interface (affected versions not specified)
Description
The issue is an Insecure Direct Object Reference (IDOR) in the Michlol - rashim web interface. An attacker needs to log in to the system first. After logging in, the attacker can change the value of the ptMsl parameter to access sensitive data that belongs to another user, which they are not supposed to access.
Recommendations
As a temporary workaround, consider restricting access to sensitive data until a patch is available.
Avoid using the ptMsl parameter in the affected API endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
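The missing check behind this issue, as an added example that is not taken from Michlol/Rashim code: a hypothetical handler that trusts the ptMsl value, next to one that authorizes it against the logged-in session. The record store, delegation table, function names and the assumption that ptMsl selects a user's record are illustrative.

```python
# Added example: hypothetical handlers, not Michlol/Rashim code.
from dataclasses import dataclass, field

# Constructed sample data: record id (the ptMsl value) -> owner and content.
RECORDS = {
    "1001": {"owner": "alice", "grades": [90, 85]},
    "1002": {"owner": "bob", "grades": [70, 75]},
}
# Constructed delegation table: staff user -> record ids they may read.
DELEGATIONS = {"advisor1": {"1001"}}


class AccessDenied(Exception):
    pass


@dataclass
class Session:
    user: str  # identity established at login, held server-side
    denied: list = field(default_factory=list)  # audit trail for detection


def get_record_vulnerable(session: Session, pt_msl: str) -> dict:
    """IDOR: any logged-in user receives whatever record id they send."""
    return RECORDS[pt_msl]


def get_record_checked(session: Session, pt_msl: str) -> dict:
    """Object-level authorization: the id is only a lookup key; the
    decision comes from the server-side session identity."""
    record = RECORDS.get(pt_msl)
    allowed = record is not None and (
        record["owner"] == session.user
        or pt_msl in DELEGATIONS.get(session.user, set())
    )
    if not allowed:
        # Same error for "missing" and "not yours" so ids cannot be enumerated.
        session.denied.append(pt_msl)
        raise AccessDenied("record not available")
    return record
```

The `denied` list stands in for an audit log: repeated denials for ids that do not belong to the session user are the signal to alert on.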
Weakness Enumeration
Related Identifiers
Affected Products
Michlol - Rashim Web Interface