Selesta · Selesta Visual Access Manager · CVE-2023-50811
**Name of the Vulnerable Software and Affected Versions**
SELESTA Visual Access Manager version 4.38.6
**Description**
An issue in SELESTA Visual Access Manager allows an attacker who intercepts a POST HTTP request to modify the `computer` POST parameter, which is related to the ID of a specific reception. This can lead to unauthorized access to the application and control of many other receptions beyond the assigned one. The issue can be exploited only from the local network.
**Recommendations**
For SELESTA Visual Access Manager version 4.38.6, restrict local network access and monitor logs until a patch is available. As a temporary workaround, consider restricting access to the `computer` POST parameter to minimize the risk of exploitation.
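
The log monitoring recommended above can look for POST requests whose `computer` value does not match the reception assigned to the requester. The sketch below is an added example, not vendor code and not part of the advisory; the proxy log format, the operator names and the `ASSIGNED` mapping are all assumptions.

```python
import re
from collections import defaultdict

# Hypothetical operator -> reception ID they are assigned (assumption).
ASSIGNED = {"alice": "3", "bob": "7"}

# Constructed sample lines; the key=value proxy log format is an assumption.
SAMPLE_LOG = """\
2024-01-10T08:00:01Z src=10.0.0.21 user=alice method=POST computer=3
2024-01-10T08:00:09Z src=10.0.0.22 user=bob method=POST computer=7
2024-01-10T08:01:30Z src=10.0.0.21 user=alice method=POST computer=7
2024-01-10T08:01:42Z src=10.0.0.21 user=alice method=POST computer=12
2024-01-10T08:02:00Z src=10.0.0.23 user=carol method=POST computer=5
2024-01-10T08:02:05Z src=10.0.0.22 user=bob method=GET
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (timestamp, fields), or None for lines that do not parse."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    fields = dict(FIELD.findall(parts[1]))
    return (parts[0], fields) if fields else None

def find_mismatches(log_text, assigned):
    """Alert on POSTs whose `computer` is not the operator's own reception."""
    alerts = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, f = parsed
        if f.get("method") != "POST" or "computer" not in f:
            continue
        user = f.get("user", "")
        expected = assigned.get(user)  # None: operator has no assignment
        if f["computer"] != expected:
            alerts.append({"time": ts, "user": user, "src": f.get("src"),
                           "sent": f["computer"], "expected": expected})
    return alerts

def receptions_touched(alerts):
    """Group the foreign reception IDs each operator sent, for triage."""
    seen = defaultdict(set)
    for a in alerts:
        seen[a["user"]].add(a["sent"])
    return {user: sorted(ids) for user, ids in seen.items()}

if __name__ == "__main__":
    print(receptions_touched(find_mismatches(SAMPLE_LOG, ASSIGNED)))
```

An operator with no entry in the mapping is alerted on every `computer` value, so an incomplete assignment list shows up as noise rather than as a silent gap.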