On24 Q A Chat
Monthly
Unauthenticated attackers can bypass authorization controls in On24 Q&A Chat to enumerate event IDs and retrieve complete question-and-answer histories through the console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/ endpoint. This exposure leaks sensitive data including user identifiers, private URLs, messages, and internal references that should be restricted to authenticated users. The compromised information can facilitate reconnaissance for lateral movement, system exploitation, or unauthorized access to connected applications.
Unauthenticated attackers can bypass authorization controls in On24 Q&A Chat to enumerate event IDs and retrieve complete question-and-answer histories through the console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/ endpoint. This exposure leaks sensitive data including user identifiers, private URLs, messages, and internal references that should be restricted to authenticated users. The compromised information can facilitate reconnaissance for lateral movement, system exploitation, or unauthorized access to connected applications.