CVE-2022-2193
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HYPR | HYPR Server | unspecified < 6.14.1 | affected |
Weaknesses
- CWE-280: CWE-280 Improper Handling of Insufficient Permissions or Privileges
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.