CVE-2022-2192

Summary

Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions.

Affected Software

VendorProductVersion RangeStatus
HYPRHYPR Servernext of 6.10 < unspecifiedaffected
HYPRHYPR Serverunspecified <= 6.15.1affected

Weaknesses

  • CWE-425: CWE-425 Direct Request (Forced Browsing)

ADP Enrichment

CVE Program Container

Additional References

References