IKUS Rdiffweb Improper Authorization Vulnerability Allowing Token Impersonation

Vulnerability

An improper authorization vulnerability has been identified in IKUS Rdiffweb versions prior to 2.10.5. This vulnerability allows an attacker with a valid or stolen access token to impersonate other users. The issue arises because the API fails to properly bind the authenticated user to the targeted user or tenant, enabling crafted requests to access or modify data belonging to other users. In some cases, this vulnerability could be exploited to perform privileged actions, potentially leading to cross-tenant access.
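The failure described above is a binding gap: the API verifies that a token is valid but never checks that the token's owner is the user the request names. The following Python example is added here to illustrate that gap and its fix; it is not Rdiffweb's code, and the handler names, token values, user records and tenant labels are all constructed for the illustration.

```python
"""Added illustration (not Rdiffweb's code): why an API must bind the
authenticated token to the user it acts on, not just validate the token.

All names, tokens and records below are constructed for this example.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the authenticated principal may not act on the target."""


@dataclass
class Token:
    value: str
    subject: str          # user the token was issued to
    is_admin: bool = False


# Constructed sample state: two users in different tenants plus an admin.
USERS = {
    "alice": {"tenant": "tenant-a", "email": "alice@example.invalid"},
    "bob":   {"tenant": "tenant-b", "email": "bob@example.invalid"},
    "root":  {"tenant": "tenant-a", "email": "root@example.invalid"},
}
TOKENS = {
    "tok-alice": Token("tok-alice", "alice"),
    "tok-bob":   Token("tok-bob", "bob"),
    "tok-root":  Token("tok-root", "root", is_admin=True),
}


def authenticate(token_value: str) -> Token:
    """Validate the bearer token and return the principal it belongs to."""
    try:
        return TOKENS[token_value]
    except KeyError:
        raise Forbidden("invalid token") from None


def get_user_vulnerable(token_value: str, username: str) -> dict:
    """Vulnerable pattern: checks only that *some* valid token was presented,
    then serves whichever user the request names. A valid or stolen token
    for alice therefore reads bob's record in another tenant."""
    authenticate(token_value)
    return USERS[username]


def _require_binding(principal: Token, username: str) -> None:
    """The missing check: a non-admin may only act on the user the token
    was issued to. Admins keep their cross-user privileges."""
    if not principal.is_admin and principal.subject != username:
        raise Forbidden(f"{principal.subject} may not act on {username}")


def get_user_fixed(token_value: str, username: str) -> dict:
    """Read path with the principal bound to the target user."""
    principal = authenticate(token_value)
    _require_binding(principal, username)
    return USERS[username]


def update_email_fixed(token_value: str, username: str, email: str) -> dict:
    """Write path with the same binding; this is where impersonation would
    otherwise turn into modification of another user's data."""
    principal = authenticate(token_value)
    _require_binding(principal, username)
    USERS[username]["email"] = email
    return USERS[username]


def can_access(token_value: str, username: str) -> bool:
    """True if the fixed check permits the request, False otherwise."""
    try:
        get_user_fixed(token_value, username)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    # Vulnerable handler: alice's token reads bob's record in another tenant.
    print(get_user_vulnerable("tok-alice", "bob"))
    # Fixed handler: the same request is refused; self and admin access still work.
    print(can_access("tok-alice", "bob"), can_access("tok-alice", "alice"),
          can_access("tok-root", "bob"))
```

The design point is that the binding check lives in one helper applied to every read and write handler that takes a target user, so a later endpoint cannot accidentally skip it; a tenant check would be layered the same way, comparing the principal's tenant with the target's before any data is returned.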

Impact

Exploitation of this vulnerability could result in unauthorized access to user data and the ability to perform actions on behalf of other users, including privileged actions.

Remediation

Users are advised to upgrade to IKUS Rdiffweb version 2.10.6 or later, where this vulnerability has been fixed.

Added: May 4, 2026, 8:24 PM
Updated: May 4, 2026, 8:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.0
exploitability: 5.5
remediation: 7.7
relevance: 7.0
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.