AutoLib Software Systems OPAC API Key Exposure Vulnerability

Vulnerability

A vulnerability exists in AutoLib Software Systems OPAC version 20.10, where multiple API keys are exposed in the source code. This exposure allows attackers to access the backend API or other sensitive information. The vulnerability was introduced in the main.js file.

Impact

The exposure of API keys can lead to unauthorized access to the backend API and potentially sensitive information.

Reproduction

After obtaining the exposed API keys, an attacker can use tools like curl, Postman, or custom scripts to send unauthorized requests to the target API.

Remediation

The vendor released a fix for this vulnerability on September 25, 2024.
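
Because the keys were exposed in a client-side file (main.js), a check over shipped JavaScript for key-like literals catches this class of mistake before deployment. The script below is an added example, not AutoLib's code or the vendor's fix; the name pattern, the entropy threshold and the sample bundle are assumptions constructed for illustration.

```javascript
// Added example: flag key-like string literals in a client-side bundle.
// The name pattern, entropy threshold and sample bundle are assumptions.

// Shannon entropy in bits per character; random keys score higher than words.
function shannonEntropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  let h = 0;
  for (const n of Object.values(counts)) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Name containing key/token/secret/passw, then : or =, then a quoted literal >= 16 chars.
const ASSIGNMENT =
  /["']?([\w$-]*(?:key|token|secret|passw)[\w$-]*)["']?\s*[:=]\s*(["'`])([^"'`\s]{16,})\2/gi;

function findHardcodedSecrets(source, minEntropy = 3.5) {
  const findings = [];
  for (const m of source.matchAll(ASSIGNMENT)) {
    const entropy = shannonEntropy(m[3]);
    if (entropy < minEntropy) continue; // low entropy: probably an ordinary word
    findings.push({
      line: source.slice(0, m.index).split("\n").length,
      name: m[1],
      entropy: Number(entropy.toFixed(2)),
      preview: m[3].slice(0, 4) + "...", // never log the full value
    });
  }
  return findings;
}

// Constructed sample, not taken from the affected product.
const SAMPLE_BUNDLE = [
  'const cfg = { baseUrl: "/api/v1", apiKey: "EXAMPLEq7Zr2Lx9Vb4Tn8Wc5Yd1Kf" };',
  'const headers = { "x-auth-token": "EXAMPLE0a1b2c3d4e5f6g7h8i9j" };',
  'const keyboardLayout = "qwertyqwertyqwertyqwerty";',
  'const sortKey = "title";',
].join("\n");

console.log(findHardcodedSecrets(SAMPLE_BUNDLE));
```

A key flagged in a bundle that has already been published should be treated as disclosed and rotated on the server side, since removing it from the file does not revoke it.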

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.