CVE-2022-2193

Summary

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.

Affected Software

VendorProductVersion RangeStatus
HYPRHYPR Serverunspecified < 6.14.1affected

Weaknesses

  • CWE-280: CWE-280 Improper Handling of Insufficient Permissions or Privileges

ADP Enrichment

CVE Program Container

Additional References

References