CVE-2022-30357

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:ovaledge:ovaledge:*:*:*:*:*:*:*:*

History

31 Oct 2024, 16:43

Type Values Removed Values Added
CPE cpe:2.3:a:ovaledge:ovaledge:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 8.8
References () https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30357 - () https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30357 - Exploit, Third Party Advisory
First Time Ovaledge ovaledge
Ovaledge

28 Oct 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) OvalEdge 5.2.8.0 y versiones anteriores se ven afectadas por una vulnerabilidad de apropiación de cuenta mediante una solicitud POST a /profile/updateProfile mediante los parámetros userId y email. Se requiere autenticación.

25 Oct 2024, 20:35

Type Values Removed Values Added
CWE CWE-352
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

25 Oct 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-25 17:15

Updated : 2024-10-31 16:43


NVD link : CVE-2022-30357

Mitre link : CVE-2022-30357

CVE.ORG link : CVE-2022-30357


JSON object : View

Products Affected

ovaledge

  • ovaledge
CWE
NVD-CWE-noinfo CWE-352

Cross-Site Request Forgery (CSRF)