API Vulnerability in Tooljet Product by Fourcube
CVE-2022-27978

7.5 HIGH

Key Information:

Vendor: Tooljet
CVE Published: 26 April 2023

What is CVE-2022-27978?

The Tooljet v1.6 application has a vulnerability that arises from improper handling of missing values in its API. This flaw allows attackers to send specially crafted HTTP requests that can lead to arbitrary password resets, compromising user accounts and impacting the security of the affected systems.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
