PT-2022-25542 · Ocomon · Ocomon
Ninj4C0D3R
Published: 2022-10-19 · Updated: 2025-05-08
CVE-2022-40798
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OcoMon version 4.0RC1
Description
The issue is an incorrect access control check that lets an unauthenticated attacker obtain a user's real email address by sending a specific request. Sending the same request with the correct email address then makes it possible to take over that user's account.
Recommendations
For OcoMon version 4.0RC1, restrict access to sensitive user information, such as email addresses, until a fix is available. As a temporary workaround, limit the ability to send the requests that can lead to account takeover.
Weakness Enumeration
Improper Access Control
Related Identifiers
CVE-2022-40798
Affected Products
Ocomon