PT-2023-20957 · Unknown · Myq Solution Print Server +1
Benjamin Schmidt +1 · Published 2023-04-26 · Updated 2023-05-09 · CVE-2023-27107
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MyQ Solution Print Server versions prior to 8.2 Patch 32
MyQ Solution Central Server versions prior to 8.2 Patch 22
Description
The issue is related to incorrect access control in the runReport function, allowing users without appropriate access rights to generate internal reports using a direct URL.
Recommendations
For MyQ Solution Print Server versions prior to 8.2 Patch 32, update to version 8.2 Patch 32 or later.
For MyQ Solution Central Server versions prior to 8.2 Patch 22, update to version 8.2 Patch 22 or later.
As a temporary workaround, consider restricting access to the runReport function until a patch is available.
Exploit
Fix
Incorrect Authorization
Affected Products
Myq Solution Central Server
Myq Solution Print Server