Tera Insights tiCrypt Unauthenticated REST API Access Vulnerability in tiaudit Component Allowing Sensitive Information Disclosure
Vulnerability
A vulnerability exists in the tiaudit component of Tera Insights tiCrypt, prior to July 17, 2025, allowing unauthenticated REST API requests that disclose sensitive information about SQL query patterns and database structure. This issue arises from improper access control, as the affected API endpoints were accessible without authentication, exposing internal database details that could be leveraged for further attacks or exploitation.
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure, revealing sensitive details about the application's database structure and SQL query patterns.
Remediation
The vendor has resolved this vulnerability by restricting access to the affected API endpoints, ensuring that only authenticated users can access them. This fix has been documented and is reflected in the tiCrypt documentation.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.