PT-2022-27076 · Unknown · Simmeth Lieferantenmanager

Steffen Robertz · Published 2022-12-25 · Updated 2023-08-08 · CVE-2022-44013

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Simmeth Lieferantenmanager versions prior to 5.6

Description

An issue was discovered where an attacker can make various API calls without authentication because the password in a Credential Object is not checked. This allows unauthorized access to the system.

Recommendations

For versions prior to 5.6, update to version 5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to API endpoints to minimize the risk of exploitation. Avoid using the Credential Object without proper authentication until the issue is resolved.

Exploit

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-44013

Affected Products

Simmeth Lieferantenmanager