PT-2025-39977 · Bold · Bold Workplanner

Ángel González · Published 2025-09-30 · Updated 2025-09-30 · CVE-2025-41096

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

BOLD Workplanner versions prior to 2.5.25

Description

An Insecure Direct Object Reference (IDOR) issue exists in BOLD Workplanner. The problem stems from insufficient validation of user input, potentially allowing an authenticated user to access contract details dates using unauthorized internal identifiers.

Recommendations

Update BOLD Workplanner to version 2.5.25 or later.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-41096

Affected Products

Bold Workplanner