CVE-2019-11020

Name of the Vulnerable Software and Affected Versions DDRT Dashcom Live version 2019-05-09

Description The issue is related to a lack of authentication in file-viewing components, allowing unauthorized remote access to claim details. This can be achieved by visiting easily guessable URLs, such as "dashboard/uploads/claim files/claim id " URLs.

Recommendations For DDRT Dashcom Live version 2019-05-09, consider implementing proper authentication mechanisms for the file-viewing components to restrict access to authorized users. As a temporary workaround, restrict access to the "dashboard/uploads/claim files/claim id " URLs to minimize the risk of exploitation.