CVE-2022-1984: HYPR Security Advisories | HYPR
This issue affects HYPR Windows WFA versions prior to 7.2. Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload.
HYPR software routinely undergoes security assessments in order to identify any potential security risks. As a result of these internal and external efforts, some vulnerabilities may be identified, and proper advisories are sent when remediation is available.
The following is a list of risks identified in the HYPR components.
| CVE ID | Risk | Affected Version | Fix Version | Description | Component |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-1984 | Medium | <7.3 | 7.3 | Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.3 may allow local authenticated attackers to elevate privileges via a malicious serialized payload. | HYPR Windows WFA |
| CVE-2022-2192 | High | 6.10 to 6.15.1 | 6.15.2 | Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. | HYPR Server |
| CVE-2022-2193 | High | <6.14.1 | 6.14.1 | Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. | HYPR Server |
Related news
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse.