Primary

Context

Data Illusion Zumbrunn ngSurvey Incorrect Authorization Vulnerability Allowing Unauthorized Access to User Private Information

Vulnerability

Patched

A vulnerability allowing incorrect authorization has been identified in Data Illusion Zumbrunn ngSurvey. This issue enables any logged-in user to access the private information of other users. The critical information that can be retrieved includes the API key (valid for one year), refresh token (valid for ten minutes), password hashed with bcrypt, user IP address, email, and full name.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information, including session tokens, hashed passwords, and personal details such as email and full name.

Added: Dec 1, 2025, 4:35 PM

Updated: Dec 1, 2025, 5:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.0

exploitability

5.4

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.0

exploitability

5.4

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Data Illusion Zumbrunn ngSurvey Incorrect Authorization Vulnerability Allowing Unauthorized Access to User Private Information

Vulnerability

Impact

Affected Products

Data Illusion Zumbrunn NGSurvey

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating