CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionNVD
Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.
AnalysisAI
LeadConnector versions 3.0.21 and earlier contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data due to improperly configured access controls. An attacker can exploit this vulnerability without authentication or user interaction to tamper with application data, though confidentiality and availability are not affected. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today