Aleksandr Rudkovskii

**Name of the Vulnerable Software and Affected Versions** WombatDialer versions prior to 25.02 **Description** A Server-Side Access Control Bypass issue could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit. **Recommendations** For versions prior to 25.02, update to version 25.02 or later to resolve the issue. As a temporary workaround, consider restricting access to services used by the client to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WombatDialer versions prior to 25.02 **Description** The issue is related to incorrect cookie session handling, which results in the full session identity being written to system logs. This could be used by a malicious attacker to impersonate an existing user session. **Recommendations** For versions prior to 25.02, update to a version 25.02 or later to resolve the issue. As a temporary workaround, consider restricting access to system logs to minimize the risk of exploitation.