CVE-2022-31887

CRITICAL

Marvalglobal Marval Msm - Insufficiently Protected Credentials

Title source: rule

Description

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.

References (3)

[Exploit, Third Party Advisory] https://cyber-guy.gitbook.io/cyber-guy/pocs/marval-msm/0-click-account-takeover

[Broken Link, Third Party Advisory] https://drive.google.com/drive/folders/12nb9KvckzhUNv4RtjlaeZi8QeFqwvkMX?usp=sharing

[Product] https://marvalglobal.com/

Scores

CVSS v3 9.8

EPSS 0.0037

EPSS Percentile 58.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

marvalglobal/marval_msm

Timeline

Published Jun 28, 2022

Tracked Since Feb 18, 2026