Therefore™ Online and Therefore™ On-Premises contains an account impersonation issue, which could potentially allow the attacker to access all the stored data

Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the Therefore™ Server. If the malicious user gains this impersonation user access, then it is possible for them to access the documents stored in Therefore™. This impersonation is at application level (Therefore access level), not the operating system level.

N/A

使用欺骗进行的认证绕过

Therefore Online和Therefore On-Premises 安全漏洞

Therefore Online和Therefore On-Premises都是德国Therefore公司的产品。Therefore Online是一款云端文档管理系统。Therefore On-Premises是一款文档管理系统。 Therefore Online和Therefore On-Premises存在安全漏洞，该漏洞源于存在账户冒充漏洞，可能导致恶意用户冒充Web服务账户或API服务账户访问存储在Therefore中的文档。

N/A

N/A