Systemic Risk Value Improper Access Control Vulnerability Allowing Unauthorized File Access

Vulnerability

A vulnerability exists in Systemic Risk Value versions through 2.8.0, allowing improper access control in the file retrieval feature. The issue is located in the 'Controls/GetFile.aspx' endpoint, where uploaded files can be accessed using a predictable numerical ID. This vulnerability enables unauthorized users to manipulate the ID parameter to access and download files without permission.

Impact

Exploitation of this vulnerability allows unauthorized users to access and download files they are not permitted to view.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Systemic Risk Value Improper Access Control Vulnerability Allowing Unauthorized File Access

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating