ETQ Reliance CG/NXG API Authorization Bypass via ;localized-text URI Suffix

An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration in API authorization logic, which has since been corrected in SE.2025.1 and 2025.1.2.

N/A

通过用户控制密钥绕过授权机制

ETQ Reliance 安全漏洞

ETQ Reliance是美国ETQ公司的一款质量管理系统。 ETQ Reliance存在安全漏洞，该漏洞源于API授权逻辑配置错误，可能导致未经验证的攻击者绕过访问控制检查并检索有限的敏感资源。

N/A

N/A