Uniong WebITR Authentication Bypass Vulnerability Allowing User Impersonation

Vulnerability

An authentication bypass vulnerability has been identified in Uniong's WebITR application, specifically in versions through 2_1_0_33. This vulnerability allows authenticated remote attackers to log into the system as any user by modifying a specific parameter. To exploit this issue, attackers must first obtain a user ID.

Impact

Exploitation of this vulnerability allows for unauthorized access to user accounts, potentially leading to misuse of user privileges and access to sensitive information.

Remediation

Users are advised to update WebITR to version 2_1_0_34 or later.

Added: Nov 28, 2025, 8:19 AM
Updated: Nov 28, 2025, 8:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 4.8
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.