Michlol - rashim web interface Insecure direct object references (IDOR).
First of all, the attacker needs to login.
After he performs log into the system there are some functionalities that the specific user is not allowed to perform.
However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then
the attacker can access sensitive data that he not supposed to access because its belong to another user.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.gov.il/en/Departments/faq/cve_advisories |
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: INCD
Published: 2022-08-05T15:25:06.930961Z
Updated: 2024-09-16T17:08:43.887Z
Reserved: 2022-06-29T00:00:00
Link: CVE-2022-34769
Vulnrichment
Updated: 2024-08-03T09:22:10.042Z
NVD
Status : Modified
Published: 2022-08-05T16:15:14.467
Modified: 2024-11-21T07:10:08.980
Link: CVE-2022-34769
Redhat
No data.