Medium severity6.5NVD Advisory· Published Apr 14, 2023· Updated Jun 17, 2026
CVE-2022-45175
CVE-2022-45175
Description
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- LIVEBOX Collaboration/vDeskdescription
- Range: <=v018
Patches
Vulnerability mechanics
References
1- www.gruppotim.it/it/footer/red-team.htmlnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.