Insecure Direct Object Reference in Kentico CMS by Kentico Software
CVE-2022-29287

4.9MEDIUM

Key Information:

Vendor

Kentico

Status
Kentico
Vendor
CVE Published:
16 April 2022

What is CVE-2022-29287?

The Insecure Direct Object Reference in Kentico CMS allows users with management rights, typically Administrators, to arbitrarily export user options from the database. This vulnerability enables access to sensitive information, including hashed passwords and user settings, of any user, including those with elevated privileges such as Global Administrators. As a result, exploited vulnerabilities could lead to unauthorized access to critical user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://devnet.kentico.com/download/hotfixes
x_refsource_MISC
https://www.offensity.com/en/blog/authenticated-insecure-...
x_refsource_MISC

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.