CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-45608

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.5%

CVSS Severity

CVSS v3 Score 8.8

References

http://thingsboard.com
https://wiki.wizard32.net/en/blog/access-control-vulnerability-ThingsBoard
http://thingsboard.com
https://wiki.wizard32.net/en/blog/access-control-vulnerability-ThingsBoard

Products affected by CVE-2022-45608

Thingsboard » Thingsboard » Version: 3.4.1

cpe:2.3:a:thingsboard:thingsboard:3.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-45608

Products

Pricing

Contact Us