Direct Request ('Forced Browsing')
CVE-2022-24932
Summary
Improper Protection of Alternate Path vulnerability in the Setup wizard process prior to SMR Mar-2022 Release 1 allows a physical attacker to install packages before finishing the Setup wizard.
- LOW
- LOCAL
- NONE
- PARTIAL
- NONE
- NONE
CWE-425 - Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.