Security Advisory

CVE-2022-45175

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-04-14 00:00:00

Last updated 2025-02-07 16:35:41

Assigner mitre

State PUBLISHED

Description

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file.

← Browse all CVEs View on cve.org ↗