Primary

Context

T-INNOVA Deporsite Insecure Direct Object Reference Vulnerability

Vulnerability

An insecure direct object reference vulnerability has been identified in the Deporsite application by T-INNOVA, specifically in version 05.29.0907 of the Deporsite Module. This vulnerability allows an attacker to access sensitive information from other users by exploiting the 'idUsuario' parameter in the '/helper/Familia/establecerUsuarioSeleccion' endpoint.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information.

Remediation

The vulnerability has been fixed in the Deporsite Module version 2024.02 (DSuite2024 v06.1287 fix2). T-INNOVA has applied the patch for affected customers.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

T-INNOVA Deporsite Insecure Direct Object Reference Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating