Maarch >> Maarch RM >> 2.9 Security Vulnerabilities
The Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessively verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2022-11-23
An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases.
CVSS Score: 6.5; EPSS Score: 0.003; Published: 2022-11-23
There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When a user accesses certain documents (PDF, email) from an archive, the application offers a preview. This preview generates a URL that includes an MD5 hash of the accessed file. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2022-11-23