CVE-2022-45177

Name of the Vulnerable Software and Affected Versions LIVEBOX Collaboration vDesk versions through v031

Description An issue was discovered in LIVEBOX Collaboration vDesk, where an Observable Response Discrepancy can occur under the "/api/v1/vdeskintegration/user/isenableuser" endpoint, the "/api/v1/sharedsearch?search={NAME}+{SURNAME}" endpoint, and the "/login" endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Recommendations For LIVEBOX Collaboration vDesk versions through v031, consider restricting access to the "/api/v1/vdeskintegration/user/isenableuser", "/api/v1/sharedsearch", and "/login" endpoints until a patch is available. As a temporary workaround, avoid using the search parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.