Rising Technosoft CAP Back Office Improper Authentication Vulnerability Allowing Unauthorized Access

Vulnerability

A vulnerability has been identified in all versions of the Rising Technosoft CAP back office application prior to 2.0.4. It arises from an improper authentication check at an API endpoint. An unauthenticated remote attacker with a valid login ID could manipulate API input parameters through the request URL or payload and gain unauthorized access to other user accounts.
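The class of flaw described above, as an added illustration that is not Rising Technosoft's code and not part of the original advisory: a handler that takes the account identity from request parameters, beside one that takes it only from a server-side session. The `login_id` field, the bearer-token session store, the request layout and all function names are assumptions made for the example.

```python
import secrets

# Hypothetical in-memory session store: token -> login ID bound at login time.
SESSIONS = {}


def issue_session(login_id):
    """Called only after credentials were verified; binds a random token to the identity."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = login_id
    return token


def vulnerable_resolve_account(request):
    """Flawed pattern: the account is whatever login ID the client sends in the
    URL parameters or payload, so knowing a valid login ID is enough."""
    return request.get("params", {}).get("login_id") or request.get("body", {}).get("login_id")


def hardened_resolve_account(request):
    """Identity comes only from the server-side session. A client-supplied
    login ID is accepted only when it agrees with that session."""
    auth = request.get("headers", {}).get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    session_user = SESSIONS.get(token)
    if session_user is None:
        raise PermissionError("unauthenticated request")
    for source in ("params", "body"):
        claimed = request.get(source, {}).get("login_id")
        if claimed is not None and claimed != session_user:
            raise PermissionError("login_id does not match the authenticated session")
    return session_user


if __name__ == "__main__":
    # Constructed sample requests.
    alice_token = issue_session("alice")
    tampered = {"headers": {"Authorization": "Bearer " + alice_token},
                "params": {"login_id": "bob"}, "body": {}}
    print("vulnerable handler resolves to:", vulnerable_resolve_account(tampered))
    try:
        hardened_resolve_account(tampered)
    except PermissionError as exc:
        print("hardened handler rejects:", exc)
```
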

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts, allowing attackers to access sensitive information or perform actions on behalf of the compromised users.

Remediation

Users are advised to upgrade the Rising Technosoft CAP back office application to version 2.0.4 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.