PT-2022-24064 · Maarch Rm · Maarch Rm
François Mehault · Published 2022-11-22 · Updated 2025-04-29 · CVE-2022-37774
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Maarch RM version 2.8.3
Description
The issue concerns a broken access control vulnerability. When accessing specific documents, such as PDFs or emails, from an archive, the application proposes a preview. This preview generates a URL that includes an MD5 hash of the accessed file. The document's URL, in the format https://{url}/tmp/{MD5 hash of the document}, becomes accessible without requiring authentication.
Recommendations
For Maarch RM version 2.8.3, consider restricting access to the preview feature until a patch is available, or implement an additional authentication mechanism for the generated URLs to prevent unauthorized access.
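The sketch below is an added example, not Maarch RM code or a vendor patch. It contrasts the content-derived preview path described above with one form the recommended additional authentication could take: a link signed for a single document and session, with an expiry. The `/preview/` route, `SECRET`, `TTL_SECONDS`, the function names and the session identifiers are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlsplit

SECRET = b"constructed-demo-key"  # assumption: random server-side secret, never sent to clients
TTL_SECONDS = 300                 # assumption: preview links stay valid for five minutes


def legacy_preview_path(document: bytes) -> str:
    """Path pattern from the advisory: it depends only on the file's content."""
    return "/tmp/" + hashlib.md5(document).hexdigest()


def _sign(doc_id: str, session_id: str, expires: int) -> str:
    # doc_id and session_id are assumed to be opaque identifiers without "|".
    msg = f"{doc_id}|{session_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_preview_path(doc_id: str, session_id: str, now: Optional[float] = None) -> str:
    """Build a preview link bound to one document, one session and an expiry."""
    now = time.time() if now is None else now
    expires = int(now) + TTL_SECONDS
    return f"/preview/{doc_id}?exp={expires}&sig={_sign(doc_id, session_id, expires)}"


def authorize_preview(path: str, session_id: Optional[str], now: Optional[float] = None) -> bool:
    """Allow the preview only for the authenticated session the link was issued to."""
    if not session_id:  # no authenticated session: refuse before looking at the link
        return False
    now = time.time() if now is None else now
    parts = urlsplit(path)
    query = parse_qs(parts.query)
    doc_id = parts.path.rsplit("/", 1)[-1]
    try:
        expires = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    if now > expires:
        return False  # link has expired
    expected = _sign(doc_id, session_id, expires)
    return hmac.compare_digest(expected.encode(), sig.encode())
```

The signature check sits behind the session check, so a signed link on its own grants nothing to a client without an authenticated session.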
Exploit
Fix
Weakness Enumeration
Improper Authentication
Related Identifiers
Affected Products
Maarch Rm