Userhavook

**Name of the Vulnerable Software and Affected Versions** Postman versions up to 11.20 **Description** A problematic issue has been found in Postman on Windows, affecting an unknown part of the library file profapi.dll. The manipulation leads to an untrusted search path. The attack must be approached locally and has a rather high complexity, with difficult exploitability. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Postman versions up to 11.20, as a temporary workaround, consider restricting access to the library file profapi.dll to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.