Skip to main content

Marval Msm

5 CVEs product

Monthly

CVE-2022-31887 CRITICAL POC Act Now

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Marval Msm
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31884 MEDIUM POC This Month

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Marval Msm
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-31886 MEDIUM POC This Month

Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Marval Msm
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-31885 CRITICAL POC THREAT Act Now

Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Marval Msm
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
31.3%
CVE-2022-31883 HIGH This Week

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Marval Msm
NVD
CVSS 3.1
8.8
EPSS
0.9%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Marval Msm
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Marval Msm
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Marval Msm
NVD Exploit-DB
EPSS 31% CVSS 9.8
CRITICAL POC THREAT Act Now

Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Marval Msm
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Marval Msm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy