← Back to CVE List

CVE-2022-45178

Published: 2023-04-14T14:15Z
Last Modified: 2025-02-07T20:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt