Primary

Context

Hallo Welt! GmbH BlueSpice Extension:NSFileRepo Incorrect Permission Assignment Vulnerability Allowing Access Control Bypass

Vulnerability

Patched

A vulnerability in Hallo Welt! GmbH BlueSpice, specifically in the Extension:NSFileRepo modules, has been identified. This issue allows access to functionalities that are not properly restricted by Access Control Lists (ACLs), effectively bypassing electronic locks and access controls. The vulnerability is present in BlueSpice versions 5.1 through 5.1.3 and 5.2 through 5.2.0, as well as in Extension:NSFileRepo versions 3.0 prior to 3.0.5.

Impact

Exploitation of this vulnerability could lead to unauthorized access to files or directories, allowing external parties to bypass established access controls and electronic locks.

Remediation

Users can update to BlueSpice PRO/FARM versions 5.1.4 or 5.2.1 to address this vulnerability.

Added: Mar 4, 2026, 1:17 PM

Updated: Mar 4, 2026, 7:14 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.6

remediation

7.9

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.6

remediation

7.9

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hallo Welt! GmbH BlueSpice Extension:NSFileRepo Incorrect Permission Assignment Vulnerability Allowing Access Control Bypass

Vulnerability

Impact

Remediation

Affected Products

Hallo Welt! GmbH BlueSpice

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating