marvalglobal

Top products

The 8 most recently published vulnerabilities affecting marvalglobal.

• CVE-2023-33284Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to execute code in context of the web server.8.8Jun 7, 2023
• CVE-2023-33283Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key.5.5Jun 7, 2023
• CVE-2023-33282Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls ...9.8Jun 7, 2023
• CVE-2022-31887Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve...9.8Jun 28, 2022
• CVE-2022-31884Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.6.5Jun 28, 2022
• CVE-2022-31883Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.8.8Jun 28, 2022
• CVE-2022-31886Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.6.5Jun 28, 2022
• CVE-2022-31885Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.9.8Jun 28, 2022