Omission of user-controlled key authorization in the...
Moderate severity
Unreviewed
Published
Jan 18, 2024
to the GitHub Advisory Database
Description
Published by the National Vulnerability Database
Jan 18, 2024
Published to the GitHub Advisory Database
Jan 18, 2024
Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3, etc.
References