CVE-2023-27107

Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
myq-solutioncentral_server
𝑥
< 8.2
myq-solutioncentral_server
8.2
myq-solutionprint_server
𝑥
< 8.2
myq-solutionprint_server
8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/smidtbx10/f8ff1c4977b7f54886c6a52e9ef4e816
https://gist.github.com/smidtbx10/f8ff1c4977b7f54886c6a52e9ef4e816