CVE-2009-0700

Name of the Vulnerable Software and Affected Versions Plunet BusinessManager versions 4.1 and earlier

Description The issue allows remote authenticated users to bypass access restrictions. This can lead to reading sensitive Customer or Order data via a modified Pfad parameter to "pagesUTF8/Sys DirAnzeige.jsp" or listing sensitive Jobs via a direct request to "pagesUTF8/auftrag job.jsp".

Recommendations For Plunet BusinessManager versions 4.1 and earlier, restrict access to the "pagesUTF8/Sys DirAnzeige.jsp" and "pagesUTF8/auftrag job.jsp" pages to minimize the risk of exploitation. Avoid using the modified Pfad parameter in the affected API endpoint until the issue is resolved.