
Tristao

#52578 of 53,634
3.7 Total CVSS
Vulnerabilities · 1
PT-2024-39671
3.7
2024-10-04
Netadmin · Netadmin Iam · CVE-2024-9513
**Name of the Vulnerable Software and Affected Versions** Netadmin Software NetAdmin IAM versions up to 3.5

**Description** A vulnerability was found in the HTTP POST Request Handler component, specifically affecting the `/controller/api/Answer/ReturnUserQuestionsFilled` file. The manipulation of the `username` argument leads to information exposure through discrepancy. This issue can be exploited remotely, with a rather high complexity of attack and difficult exploitation. The exploit has been disclosed to the public.

**Recommendations** For Netadmin Software NetAdmin IAM versions up to 3.5, the vendor is planning to release a fix in mid-October 2024. As a temporary workaround, consider restricting access to the `/controller/api/Answer/ReturnUserQuestionsFilled` API endpoint or disabling the manipulation of the `username` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.