N/A

An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the application

N/A

N/A

Subex ROC Partner Settlement 安全漏洞

Subex ROC Partner Settlement是印度Subex公司的一套可扩展的合作伙伴管理平台。该平台支持计费和收入管理等功能。 Subex ROC Partner Settlement 10.5版本中的Change Password功能存在安全漏洞。远程攻击者可通过操作POST参数利用该漏洞控制帐户。

N/A

N/A