CVE-2022-45636

Опубликовано: 21 мар. 2023

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.

Ссылки

https://github.com/WithSecureLabs/megafeis-palm/tree/main/CVE-2022-45636
Exploit
Third Party Advisory
https://labs.withsecure.com/advisories/insecure-authorization-scheme-for-api-requests-in-dbd--mobile-co
Exploit
Third Party Advisory
https://github.com/WithSecureLabs/megafeis-palm/tree/main/CVE-2022-45636
Exploit
Third Party Advisory
https://labs.withsecure.com/advisories/insecure-authorization-scheme-for-api-requests-in-dbd--mobile-co
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:megafeis:bofei_dbd\+:1.4.3:*:*:*:*:iphone_os:*:*

cpe:2.3:a:megafeis:bofei_dbd\+:1.4.4:*:*:*:*:android:*:*

EPSS

Процентиль: 38%

0.00164

Низкий

8.1 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-93fv-965w-2985