Ozex

**Name of the Vulnerable Software and Affected Versions** MILLENSYS Vision Tools Workspace version 6.5.0.2585 **Description** MILLENSYS Vision Tools Workspace version 6.5.0.2585 has a configuration endpoint, `/MILLENSYS/settings`, that does not require authentication. Accessing this endpoint reveals sensitive information including plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can obtain this information by directly accessing the endpoint, potentially leading to full system compromise. The issue is caused by a lack of access controls on a privileged administrative function. **Recommendations** Apply access controls to the `/MILLENSYS/settings` endpoint to prevent unauthenticated access.