Issuetrak Insecure Direct Object Reference Vulnerability Allowing Unauthorized Access to User Audit Data

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Issuetrak versions through 17.2.2. This vulnerability allows low-privileged users to access the audit results of other users. By exploiting improper access controls in the audit component, an attacker can retrieve sensitive information such as user details, network and hardware information, installed programs, running processes, drives, and printers. This unauthorized access could lead to privacy violations and security risks.
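The missing check described above, shown as an added example that is not Issuetrak code and not taken from the advisory: a lookup that trusts the requested id, next to one that enforces object-level authorization from the session identity. The `User` type, the role names, the `AUDITS` store and both function names are hypothetical, and the sample records are constructed.

```python
"""Added illustration of an IDOR on audit records and its fix.
Not Issuetrak code; every name, role and record here is hypothetical."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # assumed roles: "agent" (low-privileged) or "admin"


# Constructed sample store, keyed by the id of the audited user.
AUDITS = {
    101: {"owner_id": 101, "hostname": "ws-101", "processes": ["explorer.exe"]},
    102: {"owner_id": 102, "hostname": "ws-102", "processes": ["outlook.exe"]},
}


class Forbidden(Exception):
    """Caller is authenticated but may not read this record."""


class NotFound(Exception):
    """No audit record exists for the requested id."""


def get_audit_vulnerable(caller: User, audit_user_id: int) -> dict:
    # IDOR: the client-supplied id is used as-is. The caller is never
    # compared with the record's owner, so any logged-in user reads any audit.
    return AUDITS[audit_user_id]


def get_audit_checked(caller: User, audit_user_id: int) -> dict:
    # Authorize from the session identity before touching the store, so a
    # denied request looks the same whether or not the id exists.
    if caller.role != "admin" and audit_user_id != caller.user_id:
        raise Forbidden(audit_user_id)
    record = AUDITS.get(audit_user_id)
    if record is None:
        raise NotFound(audit_user_id)
    return record
```
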

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive user audit data, including personal details and information about networked devices and processes.

Remediation

Users are advised to upgrade to Issuetrak version 17.3 or later, where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.