CVE-2020-35577

Name of the Vulnerable Software and Affected Versions: Endalia Selection Portal versions prior to 4.205.0

Description: The issue allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (also known as CommonDownload identification number). This is due to an Insecure Direct Object Reference (IDOR).

Recommendations: For versions prior to 4.205.0, update to version 4.205.0 or later to resolve the issue. As a temporary workaround, consider restricting access to file downloads to minimize the risk of exploitation.