What is the severity of CVE-2022-23173?

CVE-2022-23173 has been assigned a medium severity rating due to unauthorized access risks.

How do I fix CVE-2022-23173?

To mitigate CVE-2022-23173, upgrade to Priority Software version 22.0 or later.

Who is affected by CVE-2022-23173?

CVE-2022-23173 affects users of Priority Software versions prior to 22.0, especially in the demo site.

What are the potential impacts of CVE-2022-23173?

CVE-2022-23173 may allow attackers to view application functionality through unauthorized web access.

Is there a workaround for CVE-2022-23173?

Currently, there is no known effective workaround other than upgrading the software.

Vulnerability/
CVE-2022-23173

medium

6.5

CWE

639

6/7/2022

16/9/2024

CVE-2022-23173: Priority - Priority web Insecure direct object references (IDOR)

First published: Wed Jul 06 2022(Updated: )

this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get an answer that he is not authorized because he needs to log in with credentials. after he performed log in to the system there are some functionalities that the specific user is not allowed to perform because he was configured with low privileges however all the attacker need to do in order to achieve his goals is to change the value of the prog step parameter from 0 to 1 or more and then the attacker could access to some of the functionality the web application that he couldn't perform it before the parameter changed.

Credit: cna@cyber.gov.il

Affected Software	Affected Version	How to fix
Priority Software Priority	<22.0

Remedy

Update to version V22.0.

Never miss a vulnerability like this again

Reference Links

https://www.gov.il/en/Departments/faq/cve_advisories

Frequently Asked Questions

What is the severity of CVE-2022-23173?
CVE-2022-23173 has been assigned a medium severity rating due to unauthorized access risks.
How do I fix CVE-2022-23173?
To mitigate CVE-2022-23173, upgrade to Priority Software version 22.0 or later.
Who is affected by CVE-2022-23173?
CVE-2022-23173 affects users of Priority Software versions prior to 22.0, especially in the demo site.
What are the potential impacts of CVE-2022-23173?
CVE-2022-23173 may allow attackers to view application functionality through unauthorized web access.
Is there a workaround for CVE-2022-23173?
Currently, there is no known effective workaround other than upgrading the software.

agent/type
agent/softwarecombine
agent/weakness
agent/references
agent/title
agent/author
agent/remedy
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/priority-software
canonical/priority software priority

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.