Tata Consultancy Services Cognix Recon Client Authorization Bypass Vulnerability Allowing Privilege Escalation

Vulnerability

An authorization bypass vulnerability has been identified in Tata Consultancy Services (TCS) Cognix Recon Client version 3.0. This vulnerability allows authenticated users to escalate privileges across different roles by sending crafted requests. The issue arises from inadequate enforcement of role-based access control, which enables users to manipulate object identifiers and bypass authorization checks.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to gain access to roles and permissions they should not have.

Remediation

TCS has implemented enhanced authorization validation and strengthened role verification mechanisms to prevent the manipulation of user-controlled identifiers. This vulnerability has been validated as remediated in the currently deployed version of the product.
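The class of flaw described above, shown as an added example that is not TCS code and does not reflect the product's actual implementation: a role-change handler that acts on user-controlled identifiers, next to one that takes the caller's identity and role from server-side state. All names, roles, the tenant field and the sample data are hypothetical and constructed for illustration.

```python
# Constructed sample data; users, roles and the tenant field are hypothetical.
ROLE_RANK = {"viewer": 1, "operator": 2, "admin": 3}
USERS = {
    101: {"name": "alice", "role": "viewer", "tenant": "t1"},
    102: {"name": "bob", "role": "admin", "tenant": "t1"},
    201: {"name": "carol", "role": "viewer", "tenant": "t2"},
}
SESSIONS = {"sess-alice": 101, "sess-bob": 102}  # session token -> user id


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the action."""


def set_role_weak(users, request):
    # Weak pattern: any valid session is enough (authentication only), and the
    # identifiers in the request body are acted on without an authorization check.
    if request["session"] not in SESSIONS:
        raise Forbidden("not authenticated")
    users[request["user_id"]]["role"] = request["role"]


def set_role_checked(users, request):
    # Caller identity and role come from server-side state, never the request.
    caller_id = SESSIONS.get(request["session"])
    if caller_id is None:
        raise Forbidden("not authenticated")
    caller = users[caller_id]
    target = users.get(request["user_id"])
    new_role = request["role"]
    if target is None or new_role not in ROLE_RANK:
        raise Forbidden("unknown target or role")
    # Object-level check: the referenced user must be in the caller's tenant.
    if target["tenant"] != caller["tenant"]:
        raise Forbidden("target outside caller's tenant")
    # Role-level check: only admins assign roles, and never above their own rank.
    if caller["role"] != "admin" or ROLE_RANK[new_role] > ROLE_RANK[caller["role"]]:
        raise Forbidden("caller may not assign this role")
    target["role"] = new_role
```

Both checks run on every request, so changing `user_id` or `role` in the request body cannot widen what the caller is allowed to do.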

Added: Mar 5, 2026, 7:27 PM
Updated: Mar 5, 2026, 7:48 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.