CVE-2022-31887
CRITICAL
Marval MSM v14.19.0.12476 - 0-Click Account Takeover and Privilege Escalation
Title source: llm
Description
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability that allows an attacker to change any user's password in the organization. The attacker can therefore also achieve privilege escalation by changing the administrator password.
References (3)
Core References
Product x_refsource_misc
https://marvalglobal.com/
Broken Link, Third Party Advisory x_refsource_misc
https://drive.google.com/drive/folders/12nb9KvckzhUNv4RtjlaeZi8QeFqwvkMX?usp=sharing
Exploit, Third Party Advisory x_refsource_misc
https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/0-click-account-takeover
Scores
CVSS v3
9.8
EPSS
0.0123
EPSS Percentile
64.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (1)
marvalglobal/marval_msm
14.19.0.12476
Published
Jun 28, 2022
Tracked Since
Feb 18, 2026