Skip to main content

On24 Q A Chat

1 CVEs product

Monthly

CVE-2026-3321 HIGH This Week

Unauthenticated attackers can bypass authorization controls in On24 Q&A Chat to enumerate event IDs and retrieve complete question-and-answer histories through the console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/ endpoint. This exposure leaks sensitive data including user identifiers, private URLs, messages, and internal references that should be restricted to authenticated users. The compromised information can facilitate reconnaissance for lateral movement, system exploitation, or unauthorized access to connected applications.

Authentication Bypass On24 Q A Chat
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
EPSS 0% CVSS 8.7
HIGH This Week

Unauthenticated attackers can bypass authorization controls in On24 Q&A Chat to enumerate event IDs and retrieve complete question-and-answer histories through the console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/ endpoint. This exposure leaks sensitive data including user identifiers, private URLs, messages, and internal references that should be restricted to authenticated users. The compromised information can facilitate reconnaissance for lateral movement, system exploitation, or unauthorized access to connected applications.

Authentication Bypass On24 Q A Chat
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy