PT-2017-17657 · Personify · Personify360 E-Business

Published 2017-06-07 · Updated 2017-06-14 · CVE-2017-7313

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Personify360 e-Business versions 7.5.2 through 7.6.1

Description

An issue in the software allows unauthorized access to customer information. By visiting the "/TabId/275" API endpoint, an attacker can read customer names, master Customer Ids, and email addresses without requiring authentication.

Recommendations

For versions 7.5.2 through 7.6.1, restrict access to the "/TabId/275" API endpoint to prevent unauthorized data access. Consider implementing proper authentication mechanisms to protect customer information.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-7313

Affected Products

Personify360 E-Business