PT-2025-48486 · Data Illusion · Zumbrunn Ngsurvey
Thomas Clair
·
Publicado
2025-12-01
·
Atualizado
2025-12-01
·
CVE-2025-13829
CVSS v4.0
8.6
Alta
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y |
Name of the Vulnerable Software and Affected Versions
Data Illusion Zumbrunn NGSurvey (affected versions not specified)
Description
An incorrect authorization issue exists in Data Illusion Zumbrunn NGSurvey, allowing any authenticated user to access the private information of other users. This includes sensitive data such as the
APIKEY (valid for a one-year user session), RefreshToken (valid for a ten-minute user session), Password hashed with bcrypt, User IP, Email, and Full Name. The issue involves unauthorized access to user data through improper authorization checks.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Zumbrunn Ngsurvey