Primary

Context

T-INNOVA Deporsite Insecure Direct Object Reference Vulnerability

Vulnerability

An insecure direct object reference vulnerability has been identified in the Deporsite application by T-INNOVA, specifically in version 05.29.0907 of the Deporsite Module. This vulnerability allows attackers to access sensitive information from other users by manipulating the 'idUsuario' parameter in the '/helper/Familia/obtenerFamiliaUsuario' endpoint.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information.

Remediation

Users of the affected Deporsite module have been patched by T-INNOVA in release 2024.02 (DSuite2024 v06.1287 fix2).

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

T-INNOVA Deporsite Insecure Direct Object Reference Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating