Privilege Escalation via App Token Retrieval in Ironman Software PowerShell Universal

Privilege Escalation via App Token Retrieval in Ironman Software PowerShell Universal

CVE-2022-45183 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6.

Learn more about our Web App Pen Testing.