Critical Vulnerability Advisory Report
Summary | Incorrect Access Control Vulnerability |
Release Date | 21st December 2022 |
Product | M-Link |
Version(s) | 16.2v1 to 17.0v23 |
CVE ID | CVE-2022-47634 |
Summary of vulnerability
This advisory discloses a critical vulnerability introduced in version R16.2v1 of M-Link. The following versions are affected by this vulnerability:
- M-Link R16.2v1 to R17.0v23.
A bug allows an attacker who has successfully authenticated as a non-administrative user, and who knows the correct HTTP URLs, to access and manipulate archive data.
Severity
Isode rates the severity level of this vulnerability as medium, according to the CVSS system (details can be found at www.first.org).
Mitigation
This vulnerability has been fixed in M-Link R17.0v24, and operators of affected services are advised to upgrade to this version immediately. Later versions (such as the subsequent major release R19.2) are not affected by this vulnerability.
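To triage a list of deployments against the affected range above, the following added example (not Isode code) classifies M-Link version strings. It assumes versions are written as an optional "R" followed by major.minor"v"build and that they order numerically field by field; the host names and inventory are constructed.

```python
import re

# Bounds taken from this advisory.
FIRST_AFFECTED = (16, 2, 1)   # R16.2v1
LAST_AFFECTED = (17, 0, 23)   # R17.0v23 (fix shipped in R17.0v24)

# Assumed format: optional "R", then <major>.<minor>v<build>.
_VERSION_RE = re.compile(r"^R?(\d+)\.(\d+)v(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, build) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised M-Link version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Map a version string to 'affected', 'not_affected' or 'unknown'."""
    try:
        version = parse_version(text)
    except ValueError:
        # Unparseable versions need manual review; do not assume safe.
        return "unknown"
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    return "not_affected"


def needs_attention(inventory):
    """Hosts that must be upgraded or checked by hand, sorted by name."""
    return sorted(
        host for host, ver in inventory.items()
        if classify(ver) != "not_affected"
    )


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE_INVENTORY = {
    "xmpp-a.example": "R17.0v23",   # last affected build
    "xmpp-b.example": "17.0v24",    # fixed build, no "R" prefix
    "xmpp-c.example": "R16.1v9",    # predates the affected range
    "xmpp-d.example": "R19.2v3",    # later major release
    "xmpp-e.example": "custom",     # unparseable, flag for review
}

if __name__ == "__main__":
    for host in needs_attention(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host], classify(SAMPLE_INVENTORY[host]))
```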
Acknowledgements
This vulnerability was discovered by Jerome Nokin of the NATO Cyber Security Centre (NCSC), with thanks from Isode.