Altium 365 SearchService Missing Authentication Vulnerability Allowing Unauthenticated Search Index Manipulation

Vulnerability

A missing authentication vulnerability in Altium 365's SearchService allows unauthenticated network attackers to access and manipulate search index operations via a legacy SOAP endpoint. It affects all Altium 365 cloud deployments; on-premise Altium Enterprise Server is not affected. The issue arises because the SOAP endpoint exposes search index operations without requiring authentication, session tokens, or identity verification. Attackers who can reference a target workspace's identifier can interact with that workspace's search index, crossing tenant boundaries.

Exploitation enables reading indexed contents, such as component data, project and folder names, and user metadata, as well as injecting, modifying, or deleting search index entries. These operations affect only the search index, not the underlying vault data, but they can reveal sensitive workspace information and disrupt the integrity and availability of search results.

Impact

Successful exploitation allows unauthorized access to a workspace's search index, enabling the reading of indexed contents and the injection, modification, or deletion of search index entries. These actions can disclose sensitive workspace information and compromise the integrity and availability of search results.

Added: May 21, 2026, 2:19 AM
Updated: May 21, 2026, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.8
exploitability: 7.4
remediation: 0.0
relevance: 9.0
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.