AlertEnterprise Guardian Incorrect Access Control Vulnerability Allowing Manager Approval Bypass

Vulnerability

A vulnerability exists in AlertEnterprise Guardian versions through 4.1.14.2.2.1 that allows remote authenticated users to bypass manager approval in the access request process. This is achieved by manipulating the 'isAddedByApprover' parameter in a Request Building Access requestSubmit API call. As a result, users can approve or revoke access requests without the necessary managerial authorization.

Impact

Exploitation of this vulnerability allows for unauthorized approval or revocation of access requests, potentially leading to improper access rights being granted or removed.
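
The flaw described above comes down to a server trusting a client-supplied approval flag. The following is an added example of the corrected pattern, not code from AlertEnterprise Guardian or from this advisory's author: the handler treats isAddedByApprover as a claim and checks it against server-side state. Everything except the parameter name isAddedByApprover is an assumption made for illustration (the requesterId field, the Session type, the MANAGER_OF table and the function names).

```python
from dataclasses import dataclass

CLIENT_FLAG = "isAddedByApprover"  # parameter named in the advisory

# Constructed sample data (hypothetical): requester -> manager who must approve.
MANAGER_OF = {"alice": "carol", "bob": "carol"}


@dataclass(frozen=True)
class Session:
    user_id: str  # identity set by server-side authentication, not by the request


def is_authorized_approver(session: Session, requester_id: str) -> bool:
    """Approver status is looked up server-side, never read from the request body."""
    return MANAGER_OF.get(requester_id) == session.user_id


def handle_request_submit(session: Session, body: dict) -> dict:
    """Treat the client flag as a claim to verify, not as an authorization decision."""
    requester_id = body["requesterId"]  # hypothetical field name
    claimed = body.get(CLIENT_FLAG) is True  # strings such as "true" do not count
    verified = is_authorized_approver(session, requester_id)

    if claimed and not verified:
        # The claim disagrees with server-side state: reject and leave an audit trail.
        return {
            "status": "rejected",
            "audit": f"{session.user_id} sent {CLIENT_FLAG}=true without approver rights",
        }

    # Past the check above, a true claim is always a verified one.
    status = "approved" if claimed else "pending_manager_approval"
    return {"status": status, "audit": None}
```

The audit string returned on rejection is the kind of event worth alerting on, since a legitimate client has no reason to send the flag for a request its user cannot approve.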

Added: Jul 22, 2025, 8:25 PM
Updated: Jul 22, 2025, 10:10 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.8
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.