Incontrol
Monthly
{orgId} REST endpoints they should not be able to access by appending a semicolon to the request path. With a scope-changing CVSS of 7.7 and confidentiality impact, a low-privileged tenant could read data belonging to other organizations managed by the same platform. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
A vulnerability classified as critical was found in Intelbras InControl 2.21.56. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
{orgId} REST endpoints they should not be able to access by appending a semicolon to the request path. With a scope-changing CVSS of 7.7 and confidentiality impact, a low-privileged tenant could read data belonging to other organizations managed by the same platform. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
A vulnerability classified as critical was found in Intelbras InControl 2.21.56. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.