Collaboration vDesk
by LIVEBOX
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-45174 | Cri | 0.64 | 9.8 | 0.01 | Apr 14, 2023 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and… | ||
| CVE-2022-45175 | Med | 0.42 | 6.5 | 0.01 | Apr 14, 2023 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by… | ||
| CVE-2022-45170 | Med | 0.42 | 6.5 | 0.00 | Apr 14, 2023 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user. | ||
| CVE-2022-45176 | 0.00 | — | 0.00 | Jun 10, 2024 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent… | |||
| CVE-2022-45171 | 0.00 | — | 0.01 | May 28, 2024 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without… | |||
| CVE-2022-45177 | 0.00 | — | 0.01 | Feb 21, 2024 | An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web… |
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and…
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by…
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user.
- CVE-2022-45176Jun 10, 2024risk 0.00cvss —epss 0.00
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent…
- CVE-2022-45171May 28, 2024risk 0.00cvss —epss 0.01
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without…
- CVE-2022-45177Feb 21, 2024risk 0.00cvss —epss 0.01
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web…