VYPR
Vendor: LIVEBOX

Products: 3
CVEs: 13
Across products: 13
Status: Private

Recent CVEs (13)

  • CVE-2022-45174 | Critical | Apr 14, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and…

  • CVE-2022-45173 | Critical | Apr 14, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response,…

  • CVE-2022-45172 | Critical | Jan 31, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web…

  • CVE-2022-45178 | High | Apr 14, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the…

  • CVE-2014-3150 | High | Nov 15, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted JavaScript.

  • CVE-2022-45180 | Medium | Apr 14, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN}/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all…

  • CVE-2022-45175 | Medium | Apr 14, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE}/c/{N}/{C}/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by…

  • CVE-2022-45170 | Medium | Apr 14, 2023
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user.

  • CVE-2022-45176 | Jun 10, 2024
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent…

  • CVE-2022-45168 | Jun 10, 2024
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate…

  • CVE-2022-45171 | May 28, 2024
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without…

  • CVE-2022-45169 | Feb 21, 2024
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other…

  • CVE-2022-45177 | Feb 21, 2024
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME}+{SURNAME} endpoint, and the /login endpoint. The web…