Annex Cloud · Annex Cloud Loyalty Experience Platform · CVE-2021-31927
Name of the Vulnerable Software and Affected Versions:
Annex Cloud Loyalty Experience Platform versions prior to 2021.1.0.2
Description:
The issue is related to an Insecure Direct Object Reference (IDOR) that allows any authenticated attacker to modify existing users, including those assigned to different environments and clients.
Recommendations:
For versions prior to 2021.1.0.2, update to version 2021.1.0.2 or later to resolve the issue.
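
The class of flaw named in the description, shown as an added illustration and not Annex Cloud's code: an update handler that trusts the user ID in the request, next to one that enforces object-level authorization scoped to the caller's client and environment. The data model, the `is_admin` role, the function names and the sample records are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class User:
    user_id: int
    client: str
    environment: str
    email: str
    is_admin: bool = False  # hypothetical role flag

def make_store():
    """Constructed sample data: two clients, each with its own environment."""
    return {
        1: User(1, "client-a", "prod", "alice@a.example", is_admin=True),
        2: User(2, "client-a", "prod", "bob@a.example"),
        3: User(3, "client-b", "staging", "carol@b.example"),
    }

def update_user_vulnerable(store, caller_id, target_id, new_email):
    """IDOR: authentication is checked, authorization on the target is not."""
    if caller_id not in store:
        raise PermissionError("not authenticated")
    store[target_id].email = new_email  # any ID named in the request is accepted
    return store[target_id]

def update_user_hardened(store, caller_id, target_id, new_email):
    """Allow self-edits, or admin edits inside the caller's own client and environment."""
    caller = store.get(caller_id)
    if caller is None:
        raise PermissionError("not authenticated")
    target = store.get(target_id)
    same_scope = target is not None and (
        (target.client, target.environment) == (caller.client, caller.environment)
    )
    allowed = same_scope and (target.user_id == caller.user_id or caller.is_admin)
    if not allowed:
        # Same response for "missing" and "out of scope", so IDs cannot be probed.
        raise LookupError("user not found")
    target.email = new_email
    return target
```

The scope comparison uses the caller's server-side record, never a client or environment value supplied in the request.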