Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Direct reference to insecure objects (IDOR) in CronosWeb from CronosWeb i2A
Vulnerability Description
Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in '/CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas'.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
i2A CronosWeb 安全漏洞
Vulnerability Description
i2A CronosWeb是西班牙i2A公司的一个面向SAP环境的集成和自动化工具。 i2A CronosWeb 25.00.00.12及之前版本存在安全漏洞,该漏洞源于操纵documentCode参数可能导致访问其他用户文档。
CVSS Information
N/A
Vulnerability Type
N/A