Platform Incorrect Access Control Vulnerability in ApiOrderService.java Allowing Sensitive Information Disclosure

Vulnerability

A vulnerability exists in the 'platform' application, specifically in version 1.0.0, within the 'ApiOrderService.java' component. The issue arises from improper access control, which enables attackers to access sensitive information by sending a crafted request. The vulnerability is exploited by manipulating the 'couponId' parameter to access and use someone else's coupon, thereby reducing the amount spent on purchases.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, specifically through the misuse of coupons, allowing attackers to fraudulently reduce purchase costs.

Added: Dec 4, 2025, 4:21 PM

Updated: Dec 4, 2025, 5:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.9

remediation

0.0

relevance

1.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.9

remediation

0.0

relevance

1.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Platform Incorrect Access Control Vulnerability in ApiOrderService.java Allowing Sensitive Information Disclosure

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating