CVE-2022-27247

Exploit

EPSS 0.21%
Veröffentlicht 13.05.2022 15:15:08
Zuletzt bearbeitet 21.11.2024 06:55:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cdsoft ≫ Winhotel.Mx Version2021

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.439

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://myses.de/#about

Third Party Advisory

https://myses.de/pdf/CVE2022-27247.pdf

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-27247

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27247

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27247

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-27247