Primary

Context

Becon DATAGerry Incorrect Access Control Vulnerability in REST API Endpoint

Vulnerability

A broken access control vulnerability has been identified in the Becon DATAGerry platform, affecting all versions through 2.2.0. The vulnerability resides in the '/rest/rights/' REST API endpoint, which can be accessed remotely without authentication. This flaw allows unauthorized users to gain access to sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access and disclosure of sensitive information.

Reproduction

To reproduce this vulnerability, send a GET request to the '/rest/rights/' endpoint without authentication. The response will include sensitive information that should not be accessible without proper authorization.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

0.0

relevance

0.0

threat

2.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

0.0

relevance

0.0

threat

2.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Becon DATAGerry Incorrect Access Control Vulnerability in REST API Endpoint

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating