Forced Browsing Vulnerability in HYPR Server by HYPR
CVE-2022-2192

7.5 HIGH

Key Information:

Vendor: Hypr

CVE Published: 19 July 2022

What is CVE-2022-2192?

A forced browsing vulnerability exists in HYPR Server, affecting versions 6.10 through 6.15.1. The flaw allows remote attackers who possess a valid one-time recovery token to tamper with the path in the Magic Link page. By doing so, they could elevate their privileges, leading to unauthorized access and data exposure. Users of affected versions should apply the recommended patches as outlined in the official security advisory.

Affected Version(s)

HYPR Server next of 6.10

HYPR Server <= 6.15.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
