CVE-2022-45183

EUVD-2022-48091
Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
ironmansoftwarepowershell_universal
2.0.0 ≤
𝑥
< 2.12.6
ironmansoftwarepowershell_universal
3.0.0 ≤
𝑥
< 3.4.7
ironmansoftwarepowershell_universal
3.5.0 ≤
𝑥
< 3.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.ironmansoftware.com/psu-2022-11-cve/
https://docs.powershelluniversal.com/changelog
https://ironmansoftware.com
https://blog.ironmansoftware.com/psu-2022-11-cve/
https://docs.powershelluniversal.com/changelog
https://ironmansoftware.com