CVE-2022-25237: The vulnerability in the RestAPIAuthorizationFilter in Bonita Web 2021.2 is an authentication/authorization bypass vulnerability.

The authentication/authorization bypass can be exploited by malicious users to perform actions that are not permitted without proper authorization. In order to exploit this issue, a user must be tricked into accessing the vulnerable resource, typically by being enticed through a marketing email or social media post.

TA hypothesis: Due to the nature of the REST API, this issue can be exploited by anyone. End users that have no privileged role on the site are able to bypass the authorization filter. This can lead to remote code execution by any user with the necessary privileges.

After the initial exploitation phase, attackers often try to maintain access by changing their behaviour to avoid detection.

Conclusion:

This issue has high potential for exploitation, which is often seen in REST APIs. This issue can be exploited by attackers to perform actions that are not permitted without proper authorization.

TA hypothesis: End users with no privileged role on the site are able to bypass the authorization filter and exploit this issue to perform remote code execution.

Vulnerable code

The vulnerable code is in the REST API and can be exploited by a malicious user to bypass authentication. To exploit this issue, a user must be tricked into accessing the vulnerable resource, typically by being enticed through a marketing email or social media post.

TA hypothesis: Due to the nature of the REST API, this vulnerability can be exploited by anyone with sufficient privileges on the site. This leads to remote code execution by any user with the necessary privileges.

There are many ways that an attacker can maintain access after initial exploitation has occurred. For example, attackers often change their behaviour to avoid detection and maintain access.
