microCLAUDIA Improper Access Control Vulnerability Allowing Unauthorized Actions on Other Organizations' Systems
Vulnerability
An improper access control vulnerability has been identified in microCLAUDIA versions through 3.2.0. It allows authenticated users to perform unauthorized actions on the systems of other organizations by sending direct API requests. Exploitation involves using organization identifiers obtained from a compromised endpoint or deduced manually. The flaw breaks tenant isolation: an attacker in one organization can list and manage the remote assets of another, uninstall its agents, and delete its vaccine configurations.
Impact
Exploitation of this vulnerability could lead to unauthorized access and actions on other organizations' systems, including management of assets and deletion of critical configurations.
Remediation
Users can upgrade to microCLAUDIA version 3.2.2, where this vulnerability has been fixed.
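As an added illustration that is not part of this advisory and does not reflect microCLAUDIA's actual API or data model, the following Python sketch shows the missing control: a tenant authorization guard bound to the authenticated session, next to a handler that trusts the organization identifier supplied in the request. All function names, session fields and sample data are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample tenant data (hypothetical; not microCLAUDIA's real model)
ASSETS = {
    "org-001": {"host-a1": {"agent": True}, "host-a2": {"agent": True}},
    "org-002": {"host-b1": {"agent": True}},
}
VACCINES = {"org-001": ["vac-a"], "org-002": ["vac-b"]}


@dataclass
class Session:
    """Authenticated principal. org_id is set at login, never from the request."""
    user: str
    org_id: str


def list_assets_vulnerable(session, org_id):
    # Authentication only: the org_id in the request is trusted as-is, so any
    # logged-in user of org-001 can read org-002's inventory (cross-tenant read).
    return {"status": 200, "assets": sorted(ASSETS.get(org_id, {}))}


def authorize_tenant(session, org_id):
    # Deny-by-default tenant check shared by every handler: the organization
    # named in the request must equal the one bound to the authenticated session.
    # (Returning 404 instead of 403 also avoids confirming that an org id exists.)
    if org_id != session.org_id:
        return {"status": 403, "error": "forbidden"}
    return None


def list_assets(session, org_id):
    denied = authorize_tenant(session, org_id)
    return denied or {"status": 200, "assets": sorted(ASSETS.get(org_id, {}))}


def uninstall_agent(session, org_id, host):
    denied = authorize_tenant(session, org_id)
    if denied:
        return denied
    asset = ASSETS.get(org_id, {}).get(host)
    if asset is None:
        return {"status": 404, "error": "not found"}
    asset["agent"] = False  # only reachable for the caller's own tenant
    return {"status": 200, "host": host, "agent": False}


def delete_vaccine(session, org_id, vaccine):
    denied = authorize_tenant(session, org_id)
    if denied:
        return denied
    if vaccine not in VACCINES.get(org_id, []):
        return {"status": 404, "error": "not found"}
    VACCINES[org_id].remove(vaccine)
    return {"status": 200, "deleted": vaccine}
```

The guard is the same three-line check in every handler; the point is that the tenant comes from the session, and that a request naming any other organization is refused before any lookup or mutation happens.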
