B4Bay

**Name of the Vulnerable Software and Affected Versions** casgate versions (affected versions not specified) **Description** The issue allows a remote unauthenticated attacker to obtain sensitive information via a GET request to an API endpoint. An attacker could use the `id` parameter of GET requests with the value `anonymous/ anonymous` to bypass authorization on certain API endpoints. Successful exploitation could lead to account takeover, privilege escalation, or provide the attacker with credentials to other services. **Recommendations** As a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available. Users are advised to upgrade to a newer version once it is released, as there are no known workarounds for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.