Pat Infinite Solutions HelpdeskAdvanced Incorrect Access Control Vulnerability

Vulnerability

A vulnerability allowing low-privileged users to edit their own Access Control List (ACL) rules has been identified in Pat Infinite Solutions HelpdeskAdvanced versions 11.0.33 and prior. The issue arises from incorrect access control: low-privileged users can send requests to the 'AclList/SaveAclRules' administrative function and modify their own ACL rules.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of ACL rules, allowing users to potentially escalate privileges or gain unauthorized access to certain functionalities or data.
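
One way to review web server logs for this issue, as an added example that is not part of the original advisory or the vendor's code: it flags requests to 'AclList/SaveAclRules' made by accounts outside an administrator allowlist. It assumes W3C extended-format logs with a populated cs-username field; the "/helpdesk" path prefix, the account names and the allowlist are constructed for illustration.

```python
"""Flag requests to AclList/SaveAclRules made by accounts outside an admin allowlist."""

TARGET = "acllist/saveaclrules"  # endpoint named in the advisory, matched case-insensitively

# Constructed sample in W3C extended log format (field layout and values are assumptions).
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2025-09-01 10:02:11 10.0.0.5 admin1 POST /helpdesk/AclList/SaveAclRules 200
2025-09-01 10:03:40 10.0.0.23 jdoe GET /helpdesk/Ticket/List 200
2025-09-01 10:04:02 10.0.0.23 jdoe POST /helpdesk/AclList/SaveAclRules 200
2025-09-01 10:05:19 10.0.0.31 - POST /helpdesk/acllist/saveaclrules 302
2025-09-01 10:06:00 10.0.0.40 asmith POST /helpdesk/AclList/SaveAclRules 403
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the directive may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_suspect_acl_writes(text, admins):
    """Return requests to the ACL save endpoint from users not in `admins`."""
    admins = {a.lower() for a in admins}
    hits = []
    for row in parse_w3c(text):
        if TARGET not in row.get("cs-uri-stem", "").lower():
            continue
        user = row.get("cs-username", "-").lower()
        if user in admins:
            continue
        status = row.get("sc-status", "")
        hits.append({
            "time": f'{row.get("date", "")} {row.get("time", "")}'.strip(),
            "user": user, "ip": row.get("c-ip", "-"), "status": status,
            "accepted": status.startswith("2"),  # 2xx suggests the server accepted the request
        })
    return hits

if __name__ == "__main__":
    for hit in find_suspect_acl_writes(SAMPLE_LOG, admins={"admin1"}):
        print(hit)
```

Hits with "accepted" set to True are the ones to review first, since the server answered them with a success status.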

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.6
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.