Lucene search

PRIOn knowledge basePRION:CVE-2022-37774

HistoryNov 23, 2022 - 12:15 a.m.

Improper access control

2022-11-2300:15:00

PRIOn knowledge base

www.prio-n.com

access control

maarch rm 2.8.3

vulnerability

url

authentication

hash

document access

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document’s URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication.

CPENameOperatorVersion
maarch_rmge2.8
maarch_rmlt2.8.6
maarch_rmeq2.9

Name	Operator	Version
maarch_rm	ge	2.8
maarch_rm	lt	2.8.6
maarch_rm	eq	2.9

References

maarch.com

github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37774/README.md