Assistant

**Name of the Vulnerable Software and Affected Versions** Personify360 e-Business versions 7.5.2 through 7.6.1 **Description** An issue in Personify360 e-Business allows unauthorized access to vendor account data. By visiting the "/TabId/275" API endpoint, an attacker can add a new vendor account or read existing vendor account data, including usernames and passwords. **Recommendations** For versions 7.5.2 through 7.6.1, restrict access to the "/TabId/275" API endpoint to prevent unauthorized modifications or readings of vendor account data. Consider temporarily disabling the functionality associated with this endpoint until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Personify360 e-Business versions 7.5.2 through 7.6.1 **Description** An issue in the software allows unauthorized access to customer information. By visiting the "/TabId/275" API endpoint, an attacker can read customer names, master Customer Ids, and email addresses without requiring authentication. **Recommendations** For versions 7.5.2 through 7.6.1, restrict access to the "/TabId/275" API endpoint to prevent unauthorized data access. Consider implementing proper authentication mechanisms to protect customer information.

**Name of the Vulnerable Software and Affected Versions** Personify360 e-Business versions 7.5.2 through 7.6.1 **Description** An issue in Personify360 e-Business allows access to a list of database tables and their columns when creating a new role and visiting the "/TabId/275" API endpoint. **Recommendations** For versions 7.5.2 through 7.6.1, restrict access to the "/TabId/275" API endpoint to prevent unauthorized disclosure of database schema information.