Primary

Context

Meon KYC Solutions Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing the transmission of sensitive data in plain text has been identified in Meon KYC Solutions version 1.1. This issue arises within the response payloads of certain API endpoints, where unencrypted sensitive information belonging to users can be intercepted. An authenticated remote attacker could exploit this vulnerability to access and misuse this information, potentially leading to impersonation of the target user and unauthorized access to their account.

Impact

Exploitation of this vulnerability could allow an authenticated remote attacker to intercept unencrypted sensitive information from API responses, leading to unauthorized access to other users' accounts.

Remediation

Users are advised to upgrade Meon KYC Solutions to version 1.2.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Meon KYC Solutions Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating