History: Jul 19, 2022 - 3:15 p.m.

CVE-2022-2192

2022-07-19 15:15:08
CWE-425
web.nvd.nist.gov
Tags: cve-2022-2192, forced browsing, vulnerability, hypr server, path tampering, magic link page, remote attackers, privilege elevation

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.5 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 62.0%)

Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions.

Affected configurations

NVD
Node: hypr hypr_server, Range: 6.10 - 6.15.1

CNA Affected

[
  {
    "product": "HYPR Server",
    "vendor": "HYPR",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "next of 6.10",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "6.15.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
