VYPR
High severity8.8NVD Advisory· Published Apr 14, 2023· Updated Jun 17, 2026

CVE-2022-45178

CVE-2022-45178

Description

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • LIVEBOX Collaboration/vDeskdescription
  • LIVEBOX/vDeskllm-fuzzy
    Range: <=v018

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.