Vulnerability Description
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific finding, not a finding about the Squiz Matrix CMS product.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squiz | Matrix | 6.20 |
Related Weaknesses (CWE)
References
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ (Not Applicable)
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/squiz-matrix-cms (Broken Link)
FAQ
What is CVE-2022-32277?
CVE-2022-32277 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: thi...
How severe is CVE-2022-32277?
CVE-2022-32277 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-32277?
Check the references section above for vendor advisories and patch information. Affected products include: Squiz Matrix.