Dex On Premises
Monthly
Broken access control in TeamViewer DEX Platform (On-Premises) before version 9.2 allows authenticated low-privileged users to invoke administrative API endpoints and access sensitive resources outside their authorized scope. The root cause is CWE-862 (Missing Authorization) - backend API endpoints omit proper role-based authorization checks despite confirming user identity. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, but the network-accessible attack vector and low complexity make exploitation straightforward for any user holding valid platform credentials.
Broken access control in TeamViewer DEX Platform (On-Premises) before version 9.2 allows authenticated low-privileged users to invoke administrative API endpoints and access sensitive resources outside their authorized scope. The root cause is CWE-862 (Missing Authorization) - backend API endpoints omit proper role-based authorization checks despite confirming user identity. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, but the network-accessible attack vector and low complexity make exploitation straightforward for any user holding valid platform credentials.