{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-37774", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T10:37:41.666Z", "dateReserved": "2022-08-08T00:00:00", "datePublished": "2022-11-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://maarch.com"}, {"url": "https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37774/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:37:41.666Z"}, "title": "CVE Program Container", "references": [{"url": "http://maarch.com", "tags": ["x_transferred"]}, {"url": "https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37774/README.md", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:maarch:maarch_rm:*:*:*:*:*:*:*:*", "matchCriteriaId": "6ACE6E8F-5A5F-4B93-B0C9-3EBEAFC10EED", "versionEndExcluding": "2.8.6", "versionStartIncluding": "2.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:maarch:maarch_rm:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "C4C30EE5-5C2B-4501-92F9-7DA89B362B1D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso rota en la soluci\u00f3n Maarch RM 2.8.3. Al acceder a alg\u00fan documento espec\u00edfico (pdf, correo electr\u00f3nico) desde un archivo, la aplicaci\u00f3n propone una vista previa. Esta vista previa genera una URL que incluye un hash md5 del archivo al que se accede. Luego se puede acceder a la URL del documento (https://{url}/tmp/{MD5 hash of the document}) sin autenticaci\u00f3n."}], "id": "CVE-2022-37774", "lastModified": "2022-11-26T03:33:51.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-23T00:15:10.887", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://maarch.com"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37774/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}