CVE-2021-41298

Name of the Vulnerable Software and Affected Versions ECOA BAS controller (affected versions not specified)

Description The ECOA BAS controller is vulnerable to insecure direct object references. This occurs when the application provides direct access to objects based on user-supplied input, allowing attackers with general user privileges to remotely bypass authorization. As a result, they can access hidden resources in the system and execute privileged functionalities.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.