CVE-2024-0580

Name of the Vulnerable Software and Affected Versions QSige (affected versions not specified)

Description The issue is related to the omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This allows an attacker to extract sensitive information from the API by making a request to the /qsige.locator/quotePrevious/centers/X endpoint, where X supports values such as 1, 2, 3, etc.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.