CVE-2022-2193

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-280
View all →

Vulnerability Description

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.

Related Vulnerabilities

CVE-2019-6570

HIGH
CVSS:8.8(High)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorizat...

CWE-2802019

CVE-2024-22078

HIGH
CVSS:8.8(High)

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem ...

CWE-2802024

CVE-2024-25108

HIGH
CVSS:8.8(High)

Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users inte...

CWE-2802024

CVE-2024-36451

HIGH
CVSS:8.8(High)

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by a...

CWE-2802024

CVE-2025-29826

HIGH
CVSS:8.8(High)

Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

CWE-2802025

CVE-2022-4863

HIGH
CVSS:8.4(High)

Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.

CWE-2802022