Vulnerabilities > CVE-2024-0580 - Authorization Bypass Through User-Controlled Key vulnerability in Idmsistemas Sinergia 2.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
idmsistemas
CWE-639
NVD
Published: 2024-01-18
Updated: 2024-01-26

Summary

Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3, etc.

Vulnerable Configurations

Part Description Count
Application
Idmsistemas
1

Common Weakness Enumeration (CWE)

References