OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences.
References
Link | Resource |
---|---|
https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30361 | Exploit Third Party Advisory |
Configurations
History
31 Oct 2024, 16:34
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ovaledge:ovaledge:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Ovaledge ovaledge
Ovaledge |
|
References | () https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30361 - Exploit, Third Party Advisory |
29 Oct 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-922 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
28 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-25 17:15
Updated : 2024-10-31 16:34
NVD link : CVE-2022-30361
Mitre link : CVE-2022-30361
CVE.ORG link : CVE-2022-30361
JSON object : View
Products Affected
ovaledge
- ovaledge
CWE
CWE-922
Insecure Storage of Sensitive Information