CVE-2022-45164

Name of the Vulnerable Software and Affected Versions Archibus Web Central version 2022.03.01.107

Description An issue was discovered in the application where a service allows a basic user to cancel or delete a booking created by someone else, even if the basic user is not a member of the booking.

Recommendations For Archibus Web Central version 2022.03.01.107, consider restricting access to the booking cancellation service to prevent unauthorized deletion of bookings. As a temporary workaround, consider disabling the booking cancellation feature for basic users until a patch is available. Restrict basic users from accessing the booking service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.