Описание
A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:solvait:solvait:24.4.2:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00094
Низкий
6.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-269
Связанные уязвимости
CVSS3: 6.5
github
больше 1 года назад
A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests.
EPSS
Процентиль: 27%
0.00094
Низкий
6.5 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-269