VYPR

Collaboration vDesk

by LIVEBOX

CVEs (6)

  • CVE-2022-45174CriApr 14, 2023
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and…

  • CVE-2022-45175MedApr 14, 2023
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by…

  • CVE-2022-45170MedApr 14, 2023
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user.

  • CVE-2022-45176Jun 10, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent…

  • CVE-2022-45171May 28, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without…

  • CVE-2022-45177Feb 21, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web…