High severity8.8NVD Advisory· Published Apr 14, 2023· Updated Jun 17, 2026
CVE-2022-45178
CVE-2022-45178
Description
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- LIVEBOX Collaboration/vDeskdescription
Patches
Vulnerability mechanics
References
1- www.gruppotim.it/it/footer/red-team.htmlnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.