Jul 19, 2022 - 3:15 p.m.

CVE-2022-2193

2022-07-19 15:15:08
CWE-639
CWE-280
web.nvd.nist.gov
cve-2022-2193
insecure direct object reference
hypr server
fido2 authenticator
parameter tampering
device manager page
nvd

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2 High
Confidence: High

EPSS: 0.002 Low
Percentile: 60.3%

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.

Affected configurations

NVD
Node: hypr / hypr_server, Range: <6.14.1

CNA Affected

[
  {
    "product": "HYPR Server",
    "vendor": "HYPR",
    "versions": [
      {
        "lessThan": "6.14.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
