CVE-2022-30358

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:ovaledge:ovaledge:*:*:*:*:*:*:*:*

History

31 Oct 2024, 16:41

Type Values Removed Values Added
References () https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30358 - () https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30358 - Exploit, Third Party Advisory
First Time Ovaledge ovaledge
Ovaledge
CPE cpe:2.3:a:ovaledge:ovaledge:*:*:*:*:*:*:*:*

29 Oct 2024, 20:35

Type Values Removed Values Added
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

28 Oct 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) OvalEdge 5.2.8.0 y versiones anteriores se ven afectadas por una vulnerabilidad de apropiación de cuenta mediante una solicitud POST a /user/updatePassword mediante los parámetros userId y newPsw. Se requiere autenticación.

25 Oct 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-25 17:15

Updated : 2024-10-31 16:41


NVD link : CVE-2022-30358

Mitre link : CVE-2022-30358

CVE.ORG link : CVE-2022-30358


JSON object : View

Products Affected

ovaledge

  • ovaledge
CWE
CWE-863

Incorrect Authorization