Ecase Audit
CVE-2026-22230
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.
AnalysisAI
OPEXUS eCASE Audit contains an access control bypass that allows authenticated users to circumvent administrative restrictions by manipulating client-side JavaScript or crafting direct HTTP requests to re-enable disabled functions and buttons. This vulnerability affects eCASE Platform versions prior to 11.14.1.0 and could enable attackers to perform unauthorized actions that administrators have explicitly blocked. No patch is currently available for affected deployments.
Technical ContextAI
Classified as CWE-863 (Incorrect Authorization). Affects Ecase Audit. OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Ecase Audit
View allStored cross-site scripting in OPEXUS eCASE Audit enables authenticated users to inject malicious JavaScript through the
Stored cross-site scripting in OPEXUS eCASE Audit's Project Setup functionality allows authenticated users to inject mal
OPEXUS eCASE Audit's Document Check Out feature contains a stored cross-site scripting vulnerability that allows authent
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today