PT-2026-29024 · On24 · On24 Q&A Chat
Published 2026-03-30 · Updated 2026-05-15 · CVE-2026-3321
CVSS v4.0 8.7 High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
On24 Q&A Chat (affected versions not specified)
Description
The 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint uses the caller-supplied EVENTID as the lookup key without verifying that the requester is authenticated and entitled to that event (authorization bypass through a user-controlled key, CWE-639). An unauthenticated attacker can therefore iterate over event IDs and retrieve the complete question and answer history of each event. That history may contain IDs, private URLs, private messages, internal references, or other information intended only for authenticated attendees. The leaked content can be used for reconnaissance ahead of lateral movement, for attacks on related systems, or for unauthorized access to internal applications referenced in the chat messages.
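The following is an added illustration, not On24 code: a minimal model of the answer endpoint written as a vulnerable handler beside a hardened one, plus the enumeration loop the advisory describes. The in-memory store, event IDs, the `Session` object, the reading of `{TIMESTAMP}` as "answers at or after this time", and the `Forbidden`/`NotFound` outcomes are all assumptions made for the example.

```python
"""
Added example (not On24 code). Models the vulnerable pattern behind
'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' and a hardened
version that enforces object-level authorization. Data, identifiers and
helper names below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Constructed sample data: two events whose Q&A history should only be
# readable by people registered for that event.
QA_STORE = {
    "1001": [{"ts": 1711800000, "q": "Is the SSO rollout on schedule?",
              "a": "Yes, tracker: https://intranet.example/jira/SSO-42"}],
    "1002": [{"ts": 1711803600, "q": "Where is the dial-in?",
              "a": "Private bridge: https://meet.example/p/9f3c2"}],
}
REGISTRATIONS = {"1001": {"alice"}, "1002": {"bob"}}  # event -> entitled users


@dataclass
class Session:
    user: Optional[str]  # None models an unauthenticated request


class Forbidden(Exception):
    """Request has no authenticated principal (HTTP 401/403 in a real app)."""


class NotFound(Exception):
    """Event does not exist or is not available to this principal (HTTP 404)."""


def answer_vulnerable(event_id: str, timestamp: int, session: Session) -> list:
    """Vulnerable pattern: the caller-supplied EVENTID is the lookup key and
    nothing binds it to an authenticated, entitled user (CWE-639)."""
    return [r for r in QA_STORE.get(event_id, []) if r["ts"] >= timestamp]


def answer_hardened(event_id: str, timestamp: int, session: Session) -> list:
    """Hardened pattern: authenticate first, then check that the principal is
    registered for this specific event before reading its records."""
    if session.user is None:
        raise Forbidden("authentication required")
    # One failure path for 'no such event' and 'not registered for it', so the
    # endpoint cannot be used as an oracle to enumerate valid event IDs.
    if session.user not in REGISTRATIONS.get(event_id, set()):
        raise NotFound("event not available")
    return [r for r in QA_STORE.get(event_id, []) if r["ts"] >= timestamp]


def enumerate_events(handler: Callable, id_range: Iterable[int],
                     session: Session) -> dict:
    """Attacker's loop: walk candidate EVENTIDs and keep every history the
    handler returns. Needs no credentials against the vulnerable handler;
    collects nothing from the hardened one."""
    leaked = {}
    for eid in id_range:
        try:
            rows = handler(str(eid), 0, session)
        except (Forbidden, NotFound):
            continue
        if rows:
            leaked[str(eid)] = rows
    return leaked


def access_outcome(handler: Callable, event_id: str, session: Session) -> str:
    """Classify one request so the difference between the handlers is visible:
    'ok', 'empty', 'forbidden' or 'not_found'."""
    try:
        rows = handler(event_id, 0, session)
    except Forbidden:
        return "forbidden"
    except NotFound:
        return "not_found"
    return "ok" if rows else "empty"


if __name__ == "__main__":
    anon = Session(user=None)
    print("vulnerable leaks:", sorted(enumerate_events(answer_vulnerable, range(1000, 1010), anon)))
    print("hardened leaks:  ", sorted(enumerate_events(answer_hardened, range(1000, 1010), anon)))
    print("alice on 1001:   ", access_outcome(answer_hardened, "1001", Session("alice")))
    print("alice on 1002:   ", access_outcome(answer_hardened, "1002", Session("alice")))
```

Note that the hardened handler answers "not registered" and "no such event" identically; returning a distinct 403 for real-but-foreign events would still let an unauthenticated scanner map which EVENTIDs exist, which is the enumeration half of the issue.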
Recommendations
At the moment there is no information about a newer version that contains a fix for this vulnerability.
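Because no fixed version is listed, a compensating control is to watch for the enumeration pattern the advisory describes: one client fetching many distinct EVENTIDs from the answer endpoint in a short window, typically without a session. The detection below is an added example and not vendor tooling; the access-log layout, the `anon` marker for unauthenticated requests, the sample lines, the 60-second window and the threshold of five distinct events are all constructed assumptions to be adapted to the real log format.

```python
"""
Added example (not On24 or vendor tooling): sliding-window detection of
EVENTID enumeration against the console-survey answer endpoint. Log lines,
field layout and thresholds are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log, one request per line:
# <client ip> <ISO8601 time> <method> <path> <status> <auth: 'anon' or username>
SAMPLE_LOG = """\
203.0.113.7 2026-03-30T10:00:00Z GET /console-survey/api/v1/answer/1000/0/ 200 anon
203.0.113.7 2026-03-30T10:00:01Z GET /console-survey/api/v1/answer/1001/0/ 200 anon
203.0.113.7 2026-03-30T10:00:01Z GET /console-survey/api/v1/answer/1002/0/ 200 anon
203.0.113.7 2026-03-30T10:00:02Z GET /console-survey/api/v1/answer/1003/0/ 200 anon
203.0.113.7 2026-03-30T10:00:02Z GET /console-survey/api/v1/answer/1004/0/ 200 anon
203.0.113.7 2026-03-30T10:00:03Z GET /console-survey/api/v1/answer/1005/0/ 200 anon
198.51.100.4 2026-03-30T10:05:00Z GET /console-survey/api/v1/answer/1001/1711800000/ 200 alice
198.51.100.4 2026-03-30T10:05:30Z GET /console-survey/api/v1/answer/1001/1711800060/ 200 alice
192.0.2.9 2026-03-30T11:00:00Z GET /console-survey/api/v1/answer/1002/0/ 200 anon
"""

# Only the affected endpoint is matched; other paths are ignored by parse().
LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<ts>\S+) (?P<method>\S+) "
    r"(?P<path>/console-survey/api/v1/answer/(?P<event>\d+)/(?P<stamp>\d+)/) "
    r"(?P<status>\d{3}) (?P<auth>\S+)$"
)

WINDOW = timedelta(seconds=60)        # assumption: sliding window length
DISTINCT_EVENTS_THRESHOLD = 5         # assumption: distinct EVENTIDs per window


def parse(log_text: str):
    """Yield one record per request to the answer endpoint."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ip": m["ip"],
            "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "event": m["event"],
            "status": int(m["status"]),
            "auth": m["auth"],
        }


def detect_enumeration(log_text: str, window: timedelta = WINDOW,
                       threshold: int = DISTINCT_EVENTS_THRESHOLD) -> dict:
    """Return {client_ip: details} for clients that successfully fetched at
    least `threshold` distinct EVENTIDs inside any single sliding window.
    Only 200 responses count: those are the requests that actually leaked."""
    by_ip = defaultdict(list)
    for rec in parse(log_text):
        if rec["status"] == 200:
            by_ip[rec["ip"]].append(rec)

    alerts = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        best = None
        start = 0
        for end in range(len(recs)):
            # Advance the window start until the span fits inside `window`.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            span = recs[start:end + 1]
            events = {r["event"] for r in span}
            if best is None or len(events) > best["distinct_events"]:
                best = {
                    "distinct_events": len(events),
                    # The advisory's point: no credentials are needed, so an
                    # all-anonymous burst is the highest-confidence signal.
                    "unauthenticated": all(r["auth"] == "anon" for r in span),
                    "first_seen": span[0]["ts"].isoformat(),
                }
        if best is not None and best["distinct_events"] >= threshold:
            alerts[ip] = best
    return alerts


if __name__ == "__main__":
    for ip, info in detect_enumeration(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {info}")
```

A legitimate attendee polling one event with an advancing TIMESTAMP (198.51.100.4 above) touches a single EVENTID and never trips the rule; the scanner (203.0.113.7) walks consecutive IDs with no session and does.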
Tags: IDOR
Weakness Enumeration
CWE-639: Authorization Bypass Through User-Controlled Key
Related Identifiers
CVE-2026-3321
Affected Products
On24 Q&A Chat