CVE-2002-0579

Name of the Vulnerable Software and Affected Versions WorkforceROI Xpede version 4.1

Description The issue allows remote attackers to gain privileges as an Xpede administrator. This is achieved via a direct HTTP request to the "/admin/adminproc.asp" API endpoint, which does not prompt for a password.

Recommendations For WorkforceROI Xpede version 4.1, consider restricting access to the "/admin/adminproc.asp" API endpoint until a patch is available. As a temporary workaround, limit the exposure of this endpoint to minimize the risk of exploitation.