Vulnerability Details CVE-2022-31886
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/2fa-bypass-via-x-csrf
- https://drive.google.com/drive/folders/1Zy5Oa-maLo0ACfLz90uvxqxwG18DwAZY
- https://marvalglobal.com/
- https://www.servicedeskinstitute.com/casestudies/who-is-marval-software/
- https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/2fa-bypass-via-x-csrf
- https://drive.google.com/drive/folders/1Zy5Oa-maLo0ACfLz90uvxqxwG18DwAZY
- https://marvalglobal.com/
- https://www.servicedeskinstitute.com/casestudies/who-is-marval-software/
Products affected by CVE-2022-31886
-
cpe:2.3:a:marvalglobal:marval_msm:14.19.0.12476