| |
Vulnerability CVE-2022-37774
Published: 2022-11-23
| Description: |
There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. |
References: |
http://maarch.com
https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37774/README.md
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
